We have received a few inquiries about JWT Bearer Tokens being supported to authenticate with WordPress. Now that we launched WP OAuth Server 3.4.0, adding JWT Authentication for WP REST API is now our main focus for the next release.

Our Thoughts on JWT Authentication with WP OAuth Server

JSON Web Tokens have become relatively simple way to make authorized calls to a server without exposing sensitive data. The reason we have not really supported JWT Authentication is due to the lack of simplicity to set up a client. The main thing to look at in the description is “without exposing sensitive data”. This is not entirely true when utilizing JWT authentication for any client. A victim of this is the only plugin that we know of “JWT Authentication for WP REST API” that support JWT authentication.

In order to publicly accept new requests, a client needs to pass a user name and password at least once. This defeats the purpose if JWT tokens and thus make JWT just like OAuth 2. The setup and flow are not incorrect nor is it wrong. If the user has to pass a username and password to the server then the user might as well be using the Password grant type for OAuth 2.0.

All In All, we are working to fully support anyone that wants to just JWT Authorization for WordPress.

Share This Post

Other Posts


We have put together some other posts that you may like.

3.4.1 Release Notes

Today, version 3.4.1 was released. Below is a list of enhancements and fixes that...

Read more

Day of Action for Net Neutrality

On July 12, 2017, websites, Internet users, and online communities will come together to...

Read more

Scheduled Maintenance

Today we preformed scheduled maintenance on our server and site. Part of the maintenance...

Read more

Do you need a developer for your project? We are available for hire.