Token validation should succeed if UUID absent from token AND JWT_AUTH_TOKEN_TRACKING undefined or false

Tmeister / wp-api-jwt-auth

A simple plugin to add JSON Web Token (JWT) Authentication to WP REST API

GNU General Public License v2.0

558 stars 161 forks source link

Closed caraffa closed 6 years ago

caraffa commented 6 years ago

Hi. Token validation should succeed if UUID is missing in the decoded token but JWT_AUTH_TOKEN_TRACKING is undefined or false. Should change...

if ( ! isset($token->data->user->uuid)) {

in class-jwt-auth-public.php to...

if ( defined('JWT_AUTH_TOKEN_TRACKING') && JWT_AUTH_TOKEN_TRACKING === true && ! isset($token->data->user->uuid)) {

Thank for the useful job!

caraffa commented 6 years ago

Sorry, I was working with an old version. I've cloned your development branch and now I see that UUID features have been removed.