Generate JWT Token without username and password

I am working on generating a JWT token for the users who log in to my site using a plugin, JWT Auth, and that token will be used for an external dashboard.

The issue that I am facing is that for generating a JWT token you need to pass username and password as form-data to the /wp-json/jwt-auth/v1/token endpoint, but the password that is stored in the database is hashed and cannot be decrypted, so what is the solution for this? I cannot send a plain-text password to the endpoint.

Looking forward to your suggestions.

Answers:

Method 1

For the developers who are facing a similar issue, here is what I have done to achieve the desired results.

The best way would be to develop the functionality from scratch, but due to a tight deadline I opted to modify the JWT Auth plugin.

I have modified the method get_token in the file class-auth.php. At first the method was looking for the params username and password, and I have modified it to receive userID as the required param. Why userID? It is because I am running a cURL call to get the user data after the user signs in. Here is the code for the get_token method if anyone wants to use it. Although it was a small modification, it produces the required results. Thank you all for the suggestions. Happy coding.

public function get_token(WP_REST_Request $request)
    {
        $secret_key = defined('JWT_AUTH_SECRET_KEY') ? JWT_AUTH_SECRET_KEY : false;

        $userID = $request->get_param('user_id');
        $custom_auth = $request->get_param('custom_auth');

        // First, check the secret key; if it is not defined, return an error.
        if (!$secret_key) {
            return new WP_REST_Response(
                array(
                    'success' => false,
                    'statusCode' => 403,
                    'code' => 'jwt_auth_bad_config',
                    'message' => __('JWT is not configurated properly.', 'jwt-auth'),
                    'data' => array(),
                )
            );
        }

        // Look up the user by the user_id request parameter. No password or
        // session check happens in this method; the ID is taken as supplied.
        $user = get_user_by('id', $userID);

        // If no user matches that ID, return an error response.
        if (!$user) {
            // $error_code = $user->get_error_code();

            return new WP_REST_Response(
                array(
                    'success' => false,
                    'statusCode' => 403,
                    'code' => 404,
                    'message' => 'User does not exists.',
                    'data' => array(),
                )
            );
        }

        return $this->generate_token($user, false);
    }
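
For the case in the question, where the user is already logged in to the WordPress site, a token can be issued for the user of the current session rather than for a user_id taken from the request. The sketch below is an added example, not part of the answer or of the JWT Auth plugin. The dashboard/v1/token route, the dash_* helpers, the claim layout and the 15-minute lifetime are assumptions, and it signs HS256 directly with hash_hmac instead of calling the plugin's generate_token.

```php
<?php
// Added example (not the plugin's code). Assumes the caller is authenticated
// by the normal WordPress login cookie and that JWT_AUTH_SECRET_KEY is the
// secret shared with the external dashboard.

function dash_b64url( $bytes ) {
    // Base64url without padding, as JWT segments require.
    return rtrim( strtr( base64_encode( $bytes ), '+/', '-_' ), '=' );
}

function dash_sign_jwt( array $claims, $secret ) {
    $header  = dash_b64url( wp_json_encode( array( 'typ' => 'JWT', 'alg' => 'HS256' ) ) );
    $payload = dash_b64url( wp_json_encode( $claims ) );
    $sig     = hash_hmac( 'sha256', "$header.$payload", $secret, true );
    return "$header.$payload." . dash_b64url( $sig );
}

add_action( 'rest_api_init', function () {
    register_rest_route( 'dashboard/v1', '/token', array(
        'methods'             => 'POST',
        // Refuse the request unless WordPress has already authenticated the
        // caller (login cookie plus a valid X-WP-Nonce header from the browser).
        'permission_callback' => 'is_user_logged_in',
        'callback'            => function ( WP_REST_Request $request ) {
            if ( ! defined( 'JWT_AUTH_SECRET_KEY' ) || '' === JWT_AUTH_SECRET_KEY ) {
                return new WP_Error(
                    'jwt_auth_bad_config',
                    'JWT secret is not configured.',
                    array( 'status' => 500 )
                );
            }
            // The token subject comes from the session, never from a parameter.
            $user   = wp_get_current_user();
            $now    = time();
            $claims = array(
                'iss'  => get_bloginfo( 'url' ),
                'iat'  => $now,
                'nbf'  => $now,
                'exp'  => $now + 15 * MINUTE_IN_SECONDS, // short-lived (assumed value)
                'data' => array( 'user' => array( 'id' => $user->ID ) ),
            );
            return new WP_REST_Response( array(
                'token' => dash_sign_jwt( $claims, JWT_AUTH_SECRET_KEY ),
            ) );
        },
    ) );
} );
```

The dashboard verifies the signature and the exp claim with the same secret before trusting data.user.id.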

Method 2

You could use the custom_auth parameter to handle these kinds of situations.


Edited

The JWT has a filter called jwt_auth_custom_auth; it will run when it receives a payload that contains ‘custom_auth’. You need to hook to that filter using the add_filter function; see the code below.

In my case the first block of code goes in my REST API custom endpoint, where I used it to log in/register users using only an email address.

The second block is to hook to the filter, and I chose to put it in my plugin file, but you can also put it in your theme’s function.php file.

You can see the logic in this file: wp-content/plugins/jwt-auth/class-auth.php, lines 115 -> 160



$_request = new WP_REST_Request( 'POST', '/jwt-auth/v1/token' );
$_request->set_header( 'content-type', 'application/json' );
$_request->set_body(
    json_encode(
        [
            'username'    => $email,
            'custom_auth' => true,
        ]
    )
);
$response = rest_do_request( $_request );
return $response->data['data']['token']; // this will return a token

And in your function.php

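add_filter(
    'jwt_auth_do_custom_auth',
    function ( $custom_auth_error, $username, $password, $custom_auth ) {
        // Stop if the value passed into the filter is already an error.
        if ( is_wp_error( $custom_auth_error ) ) {
            return null;
        }
        // Look up the user by e-mail address only; $password is not checked here.
        $user = get_user_by( 'email', $username );
        return $user;
    },
    10,
    4
);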

I hope this helps

NOTE: not tested


All methods were sourced from stackoverflow.com or stackexchange.com and are licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0.
