UPDATE: WP OAuth Server does support JWT now.
We have received a few inquiries about JWT Bearer Tokens being supported to authenticate with WordPress. Now that we launched WP OAuth Server 3.4.0, adding JWT Authentication for WP REST API is now our main focus for the next release.
Our Thoughts on JWT Authentication with WP OAuth Server
JSON Web Tokens have become a relatively simple way to make authorized calls to a server without exposing sensitive data. The reason we have not really supported JWT Authentication is due to the lack of simplicity to set up a client. The main thing to look at in the description is “without exposing sensitive data”. This is not entirely true when utilizing JWT authentication for any client. A victim of this is the only plugin that we know of “JWT Authentication for WP REST API” that support JWT authentication.
In order to publicly accept new requests, a client needs to pass a user name and password at least once. This defeats the purpose if JWT tokens and thus make JWT just like OAuth 2. The setup and flow are not incorrect nor is it wrong. If the user has to pass a username and password to the server then the user might as well be using the Password grant type for OAuth 2.0.
All In All, we are working to fully support anyone that wants to just JWT Authorization for WordPress.
Current Version: 3.8.2
Any documentation and or published articles may not reflect the latest WP OAuth Server plugin version. It is always best to stay updated for security.
Friday August 23, 2019
Sunday December 16, 2018
Monday August 13, 2018
Wednesday April 18, 2018
OAuth Server 3.8.2
WP OAuth Server Pro allows for Unlimited clients and multiple grant types.BUY NOW