JWT Authentication Coming Soon For WordPress

July 5th, 2017

Posted in General


We have received a few inquiries about JWT Bearer Tokens being supported to authenticate with WordPress. Now that we launched WP OAuth Server 3.4.0, adding JWT Authentication for WP REST API is now our main focus for the next release.

Our Thoughts on JWT Authentication with WP OAuth Server

JSON Web Tokens have become relatively simple way to make authorized calls to a server without exposing sensitive data. The reason we have not really supported JWT Authentication is due to the lack of simplicity to set up a client. The main thing to look at in the description is “without exposing sensitive data”. This is not entirely true when utilizing JWT authentication for any client. A victim of this is the only plugin that we know of “JWT Authentication for WP REST API” that support JWT authentication.

In order to publicly accept new requests, a client needs to pass a user name and password at least once. This defeats the purpose if JWT tokens and thus make JWT just like OAuth 2. The setup and flow are not incorrect nor is it wrong. If the user has to pass a username and password to the server then the user might as well be using the Password grant type for OAuth 2.0.

All In All, we are working to fully support anyone that wants to just JWT Authorization for WordPress.

About Justin

Atari owner, traveler, music listener, half deaf and HTML5 Guru. Operating at the nexus of developer and computer science to answer complicated problems with honest solutions. Nothing ventured, nothing gained.

Leave a Reply

Your email address will not be published. Required fields are marked *

Categories

WP OAuth Server