WordPress login using JWT Token from any applications (WordPress SSO)
WordPress login using JWT Token from any applications (WordPress SSO)
The WordPress Login and Register using the JWT plugin allow you to log in (WordPress Single Sign-On) into the WordPress application using the JWT token(JSON Web token) from any other WordPress site or other applications/platforms including mobile applications.
Download And Installation
- Log into your WordPress instance as an admin.
- Go to the WordPress Dashboard -> Plugins and click on Add New.
- Search for a WordPress WP Login and Register using JWT plugin and click on Install Now.
- Once installed click on Activate.
Steps to configure JWT Login (Single Sign-On) plugin
The following setup guide contains features available in JWT Login( WordPress Single Sign-On) premium plugin.
1. Create the JWT token based on WordPress user credentials (Create JWT Feature):
This feature will help you to create the JWT token based on WordPress user credentials. It also helps you authenticate your users on other apps trying to log in using WordPress credentials.
- Go to the miniOrange JWT Login plugin and select the Create JWT option from configuring JWT settings tab.
- As you can see, the JWT Security Settings section is auto-filled, but you can modify it according to your needs. Click Save Settings to save your changes.
- Scroll down, and you get the Create JWT API endpoint. Keep the API endpoint handy as it will require later to configure the postman.
1.1 : Step to Create JWT
- Using Postman, configure the API Endpoint you received from the previous step. In the body section, you must also include your WordPress username and password (see image below). Send the message by clicking the send button. Upon receiving the JWT token, you will be able to use it.
1.2 : Test the Create JWT API endpoint using the Postman tool
Sample Example to request the user-based JWT
Request:POST https://<domain-name>/wp-json/api/v1/mo-jwt
Body:username = <wordpress username>
password = <wordpress password>
Sample curl Request Format-
curl -d "username=<wordpress_username>&password=<wordpress_password>"
-X POST http://<wp_base_url>/wp-json/api/v1/mo-jwt 2. Register into WordPress using user registration API from any external platforms (Register User for JWT):
This feature will help you to create the user in WordPress via API and returns the user-based JWT token which can be used further for user login, deletion, etc .
- Go to the miniOrange JWT Login plugin and select the Register User for JWT option from configuring JWT settings tab.
- You will see the Role Mapping Settings section, where you can select the default role for the user using the Select Default Role option. From the dropdown list, select the role for your user and check the Allow 'role' parameter in the Register request box. Click on the Save Settings button.
- Scroll down, and you get the user registration API endpoint. Keep the API endpoint handy as it will require later to configure the postman.
2.1 : Step to Register user for jwt
- Using Postman, configure the user registration API Endpoint you received from the previous step. In the body section, you must also include your WordPress username (see image below). Send the message by clicking the send button. You will receive the Jwt token.
- A user's role will be assigned to your WordPress site after they successfully receive the JWT token.
2.2 : Test the Register user JWT API endpoint using the Postman tool
Sample Example to request the user registration
Request:POST https://<domain-name>/wp-json/api/v1/mo-jwt-register
Body:username = <wordpress username>
password(Optional) = <wordpress password>
Sample curl Request Format-
curl -d "username=<wordpress_username>&password=<wordpress_password>"
-X POST http://<wp_base_url>/wp-json/api/v1/mo-jwt-register 3. Delete/Remove specific users from WordPress using the user based JWT token (Delete User with JWT)
This feature will help you to delete your users from WordPress via API endpoint using the user based JWT token.
- Go to the miniOrange JWT Login plugin and select the Delete User with JWT option from configuring JWT settings tab. Click on save settings button.
- You will receive the Delete JWT API endpoint after saving your settings. Keep the endpoint handy for configuating the Postman later.
3.1 : Step to Delete user with jwt
- Using Postman, configure the delete user API Endpoint you received from the previous step.In the body section, you must also include jwt-token of the user which you want to delete from the wordpress site and API key (optional) (see image below). Send the message by clicking the send button. You will receive the The user is deleted successfuly massage.
3.2 : Test the Delete user JWT API endpoint using the Postman tool
Sample Example to request the user based JWT
Request:POST https://<domain-name>/wp-json/api/v1/mo-jwt-delete
Body:jwt-token = <The jwt token of that whom you want to remove from WordPress>
Sample curl Request Format-
curl -d "jwt-token=<JWT_token>"
-X POST http://<wp_base_url>/wp-json/api/v1/mo-jwt-delete 4. Sync user login session between multiple platforms(Login User with JWT) | SSO login in WordPress using token
This feature will help you to auto login (Single Sign On) your users in WordPress using the user based JWT token either created from the plugin or obtained from external identities like OAuth 2.0/OpenID Connect providers, Firebase etc.
- Go the plugin and select the Login User with JWT option and click on Save Settings button.
- In the Get JWT token from section, we support both Request URL Parameters and Cookies for enabling the plugin to identify the JWT token needed and then can be used further to validate and auto login user.
- You can auto redirect the user on login to homepage or on the same page/URL from where the autologin is initiated using User Redirection after Auto-login option.
- We support below JWT token validation Methods:
4.1 : Step to Login User with JWT
You can choose the Signing Algorithm HS256 or RS256 to sign the JWT using this method. Additionally, you can enter a key/certificate to decrypt the JWT in the Decryption key/certificate field.
LOGIN FLOW
- Go to the JWT token validation Method section and enable the Signing Key/Certificate Validation option. Also, select the signing algorithm from the dropdown.
- Enter the Decryption key/certificate key and click on Save Settings button.
- Now, map the attributes in the attribute mapping section and click on the save button. This is the required feature to determine the user in WordPress and you need to map it to that attribute of the payload of the JWT token in which your user unique identity is coming like user id, username, email, etc.
- Scroll down and go to sample example section you can find the JWT URL parameter, keet the URL hand as it will require later.
Let's see how the user can log in to the WordPress site using the Signing Key/Certificate Validation method
- Fill in the Attribute name in which you are receiving the Role of the user.
- Map the roles in the JWT token to the roles in WordPress and Click the Save Settings button.
4.2 : Role Mapping Settings
In this section, you can assign roles based on a role attribute in the JWT token received.
You only need to follow these two steps to set the Role Mapping:
Test the login using JWT as URL parameter
- Visit your site URL on a private window, hit the user jwt token URL (example URL format: http://your-wordpress-domain?mo_jwt_token=<user-jwt-token>), and you will see that you have successfully logged in.
Need Help?
Mail us on apisupport@xecurify.com or oauthsupport@xecurify.com for quick guidance(via email/meeting) on your requirement and our team will help you to select the best suitable solution/plan as per your requirement.
Need Help? We are right here!
