nreynis
commented
5 years ago I realised that last_login_time was a meta added by the security plugin. It's not part of wordpress core. Therefore there is no issue with your code, it's an integration problem.
I close the issue.
When requesting a token the user submit an
usernameand apasswordthis is a login action. You should refresh this user'slast_login_time.Not only does it make sense from the functionnal perspective but it's also required for compatibility with security plugins who enforce user relogin after a set amont of time (ex: https://fr.wordpress.org/plugins/all-in-one-wp-security-and-firewall/)