We have received a few inquiries about JWT Bearer Tokens being supported to authenticate with WordPress. Now that we launched WP OAuth Server 3.4.0, adding JWT Authentication for WP REST API is now our main focus for the next release.

Our Thoughts on JWT Authentication with WP OAuth Server

JSON Web Tokens have become relatively simple way to make authorized calls to a server without exposing sensitive data. The reason we have not really supported JWT Authentication is due to the lack of simplicity to set up a client. The main thing to look at in the description is “without exposing sensitive data”. This is not entirely true when utilizing JWT authentication for any client. A victim of this is the only plugin that we know of “JWT Authentication for WP REST API” that support JWT authentication.

In order to publicly accept new requests, a client needs to pass a user name and password at least once. This defeats the purpose if JWT tokens and thus make JWT just like OAuth 2. The setup and flow are not incorrect nor is it wrong. If the user has to pass a username and password to the server then the user might as well be using the Password grant type for OAuth 2.0.

All In All, we are working to fully support anyone that wants to just JWT Authorization for WordPress.

Share This Post

Other Posts


We have put together some other posts that you may like.

WP OAuth Server Community Version: Major Update

The developers of WP OAuth Server at Dash10 Digital have decided that the CE version of...

Read more

WP OAuth Server Updated : 3.4.2

WP OAuth Server version 3.4.2 was released today to the general public. This version...

Read more

Sales to EU Customer Will Continue Without Restrictions

Today we decided that we will move ahead and open up sales to our...

Read more

Do you need a developer for your project? We are available for hire.