pesseba
commented
2 years ago You can use a internal rest api request in Wordpress to get a token with logged user. Just add a filter in wp authentication to skip the username and password verification. The plugin use this wordpress method internaly to generate a token: For example (I didn't test this):
add_filter('wp_authenticate_user',function($u, $p){ return wp_get_current_user(); },10,2);
$request = new WP_REST_Request( 'POST', '/jwt-auth/v1/token');
$response = rest_do_request( $request );So, the response give you the token
OEvans117
Tmeister
So my current goal is to reuse an existing Wordpress user's (that has been authenticated) session and be able to access the endpoints that one of my WP plugin (dokan) offers that requires a JWT or Basic Auth header. I want to avoid the process of the user (from my plugin) having to login on both wordpress, and again to retrieve JWT token. I chose JWT and this plugin because I figured it could possibly help me acheive this goal.
I thought the solution could possibly involve (in my PHP code) using wp_get_current_user() and retrieveing user and password from there to programmatically generate the JWT token and calling /wp-json/jwt-auth/v1/token, however it seems getcurrentuser method returns the hashed password, so I'm not sure if it would return a correct JWT token.
Another solution I thought of was checking cookies/local storage for any JWT tokens the plugin stores after logging in on Wordpress, so I could just reuse them in my code... However, this doesn't seem to happen when I login. Is it possible to hook onto the login function and force the creation of a JWT token that's stored into cookies, or would this be unsafe/unviable?
I cannot think of any other solution really, so I am at a bit of a standstill with this whole situation. Does anyone out there know what I can do?