WordPress login using JWT Token from any applications (WordPress SSO)

WordPress login using JWT Token from any applications (WordPress SSO)


The WordPress Login and Register using the JWT plugin allow you to log in (WordPress Single Sign-On) into the WordPress application using the JWT token(JSON Web token) from any other WordPress site or other applications/platforms including mobile applications.

Download And Installation

  • Log into your WordPress instance as an admin.
  • Go to the WordPress Dashboard -> Plugins and click on Add New.
  • Search for a WordPress WP Login and Register using JWT plugin and click on Install Now.
  • Once installed click on Activate.

Steps to configure JWT Login (Single Sign-On) plugin


The following setup guide contains features available in JWT Login( WordPress Single Sign-On) premium plugin.


1. Create the JWT token based on WordPress user credentials (Create JWT Feature):

This feature will help you to create the JWT token based on WordPress user credentials. It also helps you authenticate your users on other apps trying to log in using WordPress credentials.

    1.1 : Step to Create JWT

    • Go to the miniOrange JWT Login plugin and select the Create JWT option from configuring JWT settings tab.
    • WordPress Jwt Single Sign-On-select-jwt option
    • As you can see, the JWT Security Settings section is auto-filled, but you can modify it according to your needs. Click Save Settings to save your changes.
    • WordPress Jwt Single Sign-On jwt security setting
    • Scroll down, and you get the Create JWT API endpoint. Keep the API endpoint handy as it will require later to configure the postman.
    • WordPress Jwt Single Sign-On jwt api endpoint

    1.2 : Test the Create JWT API endpoint using the Postman tool

    • Using Postman, configure the API Endpoint you received from the previous step. In the body section, you must also include your WordPress username and password (see image below). Send the message by clicking the send button. Upon receiving the JWT token, you will be able to use it.
    • WordPress Jwt Single Sign-On  test the create jwt token

miniorange img Sample Example to request the user-based JWT


Request:POST https://<domain-name>/wp-json/api/v1/mo-jwt
Body:username = <wordpress username>
password = <wordpress password>
 
Sample curl Request Format-
curl -d "username=<wordpress_username>&password=<wordpress_password>"
-X POST http://<wp_base_url>/wp-json/api/v1/mo-jwt 

2. Register into WordPress using user registration API from any external platforms (Register User for JWT):

This feature will help you to create the user in WordPress via API and returns the user-based JWT token which can be used further for user login, deletion, etc .

    2.1 : Step to Register user for jwt

    • Go to the miniOrange JWT Login plugin and select the Register User for JWT option from configuring JWT settings tab.
    • WordPress Jwt Single Sign-On register user using jwt token
    • You will see the Role Mapping Settings section, where you can select the default role for the user using the Select Default Role option. From the dropdown list, select the role for your user and check the Allow 'role' parameter in the Register request box. Click on the Save Settings button.
    • WordPress Jwt Single Sign-On role mapping
    • Scroll down, and you get the user registration API endpoint. Keep the API endpoint handy as it will require later to configure the postman.
    • WordPress Jwt Single Sign-On registration api endpoint

    2.2 : Test the Register user JWT API endpoint using the Postman tool

    • Using Postman, configure the user registration API Endpoint you received from the previous step. In the body section, you must also include your WordPress username (see image below). Send the message by clicking the send button. You will receive the Jwt token.
    • WordPress Jwt Single Sign-On test the register user
    • A user's role will be assigned to your WordPress site after they successfully receive the JWT token.
    • WordPress Jwt Single Sign-On jwt token recieved

miniorange img Sample Example to request the user registration


Request:POST https://<domain-name>/wp-json/api/v1/mo-jwt-register            
Body:username = <wordpress username>
password(Optional) = <wordpress password>
 
Sample curl Request Format-
curl -d "username=<wordpress_username>&password=<wordpress_password>"
-X POST http://<wp_base_url>/wp-json/api/v1/mo-jwt-register 

3. Delete/Remove specific users from WordPress using the user based JWT token (Delete User with JWT)

This feature will help you to delete your users from WordPress via API endpoint using the user based JWT token.

    3.1 : Step to Delete user with jwt

    • Go to the miniOrange JWT Login plugin and select the Delete User with JWT option from configuring JWT settings tab. Click on save settings button.
    • WordPress Jwt Single Sign-On delete user with jwt
    • You will receive the Delete JWT API endpoint after saving your settings. Keep the endpoint handy for configuating the Postman later.
    • WordPress Jwt Single Sign-On delete jwt api

    3.2 : Test the Delete user JWT API endpoint using the Postman tool

    • Using Postman, configure the delete user API Endpoint you received from the previous step.In the body section, you must also include jwt-token of the user which you want to delete from the wordpress site and API key (optional) (see image below). Send the message by clicking the send button. You will receive the The user is deleted successfuly massage.
    • WordPress Jwt Single Sign-On test the delete user

miniorange img Sample Example to request the user based JWT


Request:POST https://<domain-name>/wp-json/api/v1/mo-jwt-delete        
Body:jwt-token = <The jwt token of that whom you want to remove from WordPress>
 
Sample curl Request Format-
curl -d "jwt-token=<JWT_token>"
-X POST http://<wp_base_url>/wp-json/api/v1/mo-jwt-delete 

4. Sync user login session between multiple platforms(Login User with JWT) | SSO login in WordPress using token

This feature will help you to auto login (Single Sign On) your users in WordPress using the user based JWT token either created from the plugin or obtained from external identities like OAuth 2.0/OpenID Connect providers, Firebase etc.

    4.1 : Step to Login User with JWT

    • Go the plugin and select the Login User with JWT option and click on Save Settings button.
    • WordPress Jwt Single Sign-On login user using jwt
    • In the Get JWT token from section, we support both Request URL Parameters and Cookies for enabling the plugin to identify the JWT token needed and then can be used further to validate and auto login user.
    • WordPress Jwt Single Sign-On request url parameter
    • You can auto redirect the user on login to homepage or on the same page/URL from where the autologin is initiated using User Redirection after Auto-login option.
    • WordPress Jwt Single Sign-On auto redirect
    • We support below JWT token validation Methods:

      You can choose the Signing Algorithm HS256 or RS256 to sign the JWT using this method. Additionally, you can enter a key/certificate to decrypt the JWT in the Decryption key/certificate field.

      WordPress Jwt Single Sign-On algorithum
miniorange img LOGIN FLOW

    Let's see how the user can log in to the WordPress site using the Signing Key/Certificate Validation method

    • Go to the JWT token validation Method section and enable the Signing Key/Certificate Validation option. Also, select the signing algorithm from the dropdown.
    • WordPress Jwt Single Sign-On jwt token method
    • Enter the Decryption key/certificate key and click on Save Settings button.
    • WordPress Jwt Single Sign-On decreyption
    • Now, map the attributes in the attribute mapping section and click on the save button. This is the required feature to determine the user in WordPress and you need to map it to that attribute of the payload of the JWT token in which your user unique identity is coming like user id, username, email, etc.
    • WordPress Jwt Single Sign-On attribute mapping
    • Scroll down and go to sample example section you can find the JWT URL parameter, keet the URL hand as it will require later.
    • WordPress Jwt Single Sign-On jwt parameter

    4.2 : Test the login using JWT as URL parameter

    • Visit your site URL on a private window, hit the user jwt token URL (example URL format: http://your-wordpress-domain?mo_jwt_token=<user-jwt-token>), and you will see that you have successfully logged in.
    • WordPress Jwt Single Sign-On testing login url

Need Help?

Mail us on apisupport@xecurify.com or oauthsupport@xecurify.com for quick guidance(via email/meeting) on your requirement and our team will help you to select the best suitable solution/plan as per your requirement.

Hello there!

Need Help? We are right here!

support
Contact miniOrange Support
success

Thanks for your inquiry.

If you dont hear from us within 24 hours, please feel free to send a follow up email to info@xecurify.com