WordPress login using JWT Token from any applications (WordPress SSO)
The WordPress Login and Register using JWT plugin allows you to log in (WordPress Single Sign-On) to WordPress using a JWT (JSON Web Token) from any other WordPress site or from other applications/platforms, including mobile applications.
Download And Installation
Log into your WordPress instance as an admin.
Go to the WordPress Dashboard -> Plugins and click on Add New.
Search for the WP Login and Register using JWT plugin and click on Install Now.
Steps to configure JWT Login (Single Sign-On) plugin
The following setup guide covers features available in the JWT Login (WordPress Single Sign-On) premium plugin.
1. Create the JWT token based on WordPress user credentials (Create JWT Feature):
This feature will help you to create the JWT token based on WordPress user credentials. It also helps you authenticate your users on other apps trying to log in using WordPress credentials.
1.1 : Step to Create JWT
Go to the miniOrange JWT Login plugin and select the Create JWT option from the configuring JWT settings tab.
As you can see, the JWT Security Settings section is auto-filled, but you can modify it according to your needs. Click Save Settings to save your changes.
Scroll down to find the Create JWT API endpoint. Keep the API endpoint handy, as it will be required later to configure Postman.
1.2 : Test the Create JWT API endpoint using the Postman tool
Using Postman, configure the API Endpoint you received from the previous step.
In the body section, you must also include your WordPress username and password. Send the request by clicking the Send button. Once you receive the JWT token, you will be able to use it.
Sample curl request format:
curl -d "username=<wordpress_username>&password=<wordpress_password>" -X POST http://<wp_base_url>/wp-json/api/v1/mo-jwt
2. Register into WordPress using user registration API from any external platforms (Register User for JWT):
This feature will help you to create a user in WordPress via API and returns the user-based JWT token, which can then be used for user login, deletion, etc.
2.1 : Step to Register user for JWT
Go to the miniOrange JWT Login plugin and select the Register User for JWT option from the configuring JWT settings tab.
You will see the Role Mapping Settings section, where you can select the default role for the user using the Select Default Role option. From the dropdown list, select the role for your user and check the Allow 'role' parameter in the Register request box. Click on the Save Settings button.
Scroll down to find the user registration API endpoint. Keep the API endpoint handy, as it will be required later to configure Postman.
2.2 : Test the Register user JWT API endpoint using the Postman tool
Using Postman, configure the user registration API Endpoint you received from the previous step.
In the body section, you must also include your WordPress username. Send the request by clicking the Send button. You will receive the JWT token.
Once the JWT token has been received successfully, the user is assigned the role on your WordPress site.
Sample curl request format:
curl -d "username=<wordpress_username>&password=<wordpress_password>" -X POST http://<wp_base_url>/wp-json/api/v1/mo-jwt-register
3. Delete/Remove specific users from WordPress using the user based JWT token (Delete User with JWT)
This feature will help you to delete your users from WordPress via API endpoint using the user based JWT token.
3.1 : Step to Delete user with JWT
Go to the miniOrange JWT Login plugin and select the Delete User with JWT option from the configuring JWT settings tab. Click on the Save Settings button.
You will receive the Delete JWT API endpoint after saving your settings. Keep the endpoint handy for configuring Postman later.
3.2 : Test the Delete user JWT API endpoint using the Postman tool
Using Postman, configure the delete user API endpoint you received from the previous step. In the body section, you must also include the JWT token of the user whom you want to delete from the WordPress site and the API key (optional). Send the request by clicking the Send button. You will receive the "The user is deleted successfully" message.
Sample Example to request the user based JWT
Request: POST https://<domain-name>/wp-json/api/v1/mo-jwt-delete
Body: jwt-token = <The JWT token of the user whom you want to remove from WordPress>
Sample curl request format:
curl -d "jwt-token=<JWT_token>" -X POST http://<wp_base_url>/wp-json/api/v1/mo-jwt-delete
4. Sync user login session between multiple platforms (Login User with JWT) | SSO login in WordPress using token
This feature will help you to auto login (Single Sign On) your users in WordPress using the user based JWT token either created from the plugin or obtained from external identities like OAuth 2.0/OpenID Connect providers, Firebase etc.
4.1 : Step to Login User with JWT
Go to the plugin, select the Login User with JWT option and click on the Save Settings button.
In the Get JWT token from section, we support both Request URL Parameters and Cookies as the place where the plugin looks for the JWT token, which is then validated and used to auto-login the user.
Using the User Redirection after Auto-login option, you can auto-redirect the user after login either to the homepage or to the same page/URL from which the auto-login was initiated.
With this method, you choose the signing algorithm, HS256 or RS256, with which the JWT is signed, and enter the key/certificate used to validate its signature in the Decryption key/certificate field.
By entering the JWKS endpoint, you can use this method to obtain the public keys for the JWT token and validate its signature.
By adding the OAuth Introspection/Userinfo Endpoint, Client ID, and Client Secret, you can use this method to determine whether the OAuth token is valid.
Let's see how the user can log in to the WordPress site using the Signing Key/Certificate Validation method:
Go to the JWT token validation Method section and enable the Signing Key/Certificate Validation option. Also, select the signing algorithm from the dropdown.
Enter the Decryption key/certificate and click on the Save Settings button.
Now, map the attributes in the attribute mapping section and click on the Save button. This mapping is required to identify the user in WordPress: map it to the attribute of the JWT payload that carries the user's unique identity, such as user id, username, email, etc.
Scroll down to the sample example section, where you can find the JWT URL parameter. Keep the URL handy, as it will be required later.
4.2 : Role Mapping Settings
In this section, you can assign roles based on a role attribute in the JWT token received.
You only need to follow these two steps to set the Role Mapping:
Fill in the Attribute name in which you are receiving the Role of the user.
Map the roles in the JWT token to the roles in WordPress and click the Save Settings button.
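The checks behind the Signing Key/Certificate Validation method with HS256, followed by the attribute mapping and role mapping described above, shown as an added Python example that is not the miniOrange plugin's code. The claim names, role map, sample key and the requirement that every token carries an exp claim are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

# Assumed (hypothetical) settings; the claim names and role map are not from the plugin.
USER_ATTRIBUTE = "email"   # attribute mapping: claim that identifies the user
ROLE_ATTRIBUTE = "role"    # role mapping: claim that carries the role
ROLE_MAP = {"staff": "editor", "member": "subscriber"}  # JWT role -> WordPress role
DEFAULT_ROLE = "subscriber"

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_hs256(claims: dict, key: bytes, alg: str = "HS256") -> str:
    """Build a constructed sample token, standing in for the issuing application."""
    header = b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64url_encode(sig)}"

def verify_hs256(token: str, key: bytes, now=None) -> dict:
    """Return the claims only if algorithm, signature and expiry all check out."""
    try:
        header_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        claims = json.loads(b64url_decode(body_b64))
        sig = b64url_decode(sig_b64)
    except ValueError as exc:
        raise ValueError("malformed token") from exc
    if not isinstance(header, dict) or not isinstance(claims, dict):
        raise ValueError("malformed token")
    # Pin the algorithm to the configured one instead of trusting the header.
    if header.get("alg") != "HS256":
        raise ValueError("unexpected signing algorithm")
    expected = hmac.new(key, f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        raise ValueError("bad signature")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= (time.time() if now is None else now):
        raise ValueError("token expired or has no exp claim")
    return claims

def resolve_login(token: str, key: bytes, now=None) -> tuple:
    """Apply the attribute mapping and role mapping to a verified token."""
    claims = verify_hs256(token, key, now)
    user, role = claims.get(USER_ATTRIBUTE), claims.get(ROLE_ATTRIBUTE)
    if not isinstance(user, str) or not user:
        raise ValueError("mapped user attribute missing")
    return user, (ROLE_MAP.get(role, DEFAULT_ROLE) if isinstance(role, str) else DEFAULT_ROLE)
```

A role value that is not listed in the map falls back to the default role, so the token alone cannot name an arbitrary WordPress role.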
Test the login using JWT as URL parameter
Visit your site URL in a private window and open the user JWT token URL (example URL format: http://your-wordpress-domain?mo_jwt_token=<user-jwt-token>), and you will see that you have successfully logged in.