We have received a few inquiries about JWT Bearer Tokens being supported to authenticate with WordPress. Now that we launched WP OAuth Server 3.4.0, adding JWT Authentication for WP REST API is now our main focus for the next release.

Our Thoughts on JWT Authentication with WP OAuth Server

JSON Web Tokens have become relatively simple way to make authorized calls to a server without exposing sensitive data. The reason we have not really supported JWT Authentication is due to the lack of simplicity to set up a client. The main thing to look at in the description is “without exposing sensitive data”. This is not entirely true when utilizing JWT authentication for any client. A victim of this is the only plugin that we know of “JWT Authentication for WP REST API” that support JWT authentication.

In order to publicly accept new requests, a client needs to pass a user name and password at least once. This defeats the purpose if JWT tokens and thus make JWT just like OAuth 2. The setup and flow are not incorrect nor is it wrong. If the user has to pass a username and password to the server then the user might as well be using the Password grant type for OAuth 2.0.

All In All, we are working to fully support anyone that wants to just JWT Authorization for WordPress.

Leave a Reply

Your email address will not be published. Required fields are marked *

Other Posts

We have put together some other posts that you may like.

WP OAuth Server Update 3.5.8 Released

Today we have released a minor update for WP OAuth Server. This update contains...

Read more

New 3.5.6 WordPress OAuth Server Release Contains Live Chat Support and REST API Blocking

Hello Everyone! Today we are launching the newest update for WP OAuth Server and...

Read more

3.4.5 version of WP OAuth Server Released

Today we  excited to release version 3.4.5 of WP OAuth Server. The updates were...

Read more

Are you looking for an awesome digital solution?