aamplugin / advanced-access-manager

WordPress Advanced Access Manager Plugin

Multisite JWT #140

Open easaw opened 4 years ago

easaw commented 4 years ago

When I create a JWT for super-admin, it won't sync across the Network, so a JWT has to be created for each site. Which is not ideal.

aamplugin commented 4 years ago

> When I create a JWT for super-admin, it won't sync across the Network, so a JWT has to be created for each site. Which is not ideal.

Interesting point. I'll consider enhancing AAM core to allow creating a cross-network JWT token. I will keep you posted in this thread about timelines.

lucasstark commented 4 years ago

@easaw The "problem" is if the token is revocable, a check is made against the user's meta data table to locate issued tokens. If the token is revoked, it of course fails the authentication.

When the token is issued, it is added to the user's meta data table on the site they authenticated at. So, of course, the token won't exist on subsites, since that is a separate table.

To get around this, a bit of a forced workaround would be to do something like this:

```php
// get_user_option_{$option} is a filter hook, so the callback is registered with add_filter().
add_filter( 'get_user_option_aam_jwt_registry', 'get_aam_jwt_registry_from_root', 10, 3 );

function get_aam_jwt_registry_from_root( $result, $option, $user ) {
    global $wpdb;

    // Read the registry stored under the network's base prefix instead of the current blog's prefix.
    $prefix = $wpdb->base_prefix;
    if ( $user->has_prop( $prefix . $option ) ) { // Stored under the base prefix.
        $result = $user->get( $prefix . $option );
    } elseif ( $user->has_prop( $option ) ) { // User-specific and cross-blog.
        $result = $user->get( $option );
    } else {
        $result = false;
    }

    return $result;
}
```

This was just a quick solution. Token revocation would need to occur at the main site.
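The lookup behaviour described in the comment above, modelled as a stand-alone PHP script (an added example, not code from this thread or from AAM). It follows the key order of WordPress's `get_user_option()`; the `wp_` / `wp_2_` prefixes, the token string, the list-of-tokens registry layout and the way a subsite revocation is stored are constructed assumptions.

```php
<?php
// Constructed model of a multisite user-option lookup; not AAM or WordPress code.
const BASE_PREFIX = 'wp_'; // assumed main-site prefix ($wpdb->base_prefix)
const OPTION = 'aam_jwt_registry';

// Same order as get_user_option(): blog-prefixed key first, then the global key.
function lookup_option(array $meta, string $blogPrefix, string $option)
{
    if (array_key_exists($blogPrefix . $option, $meta)) {
        return $meta[$blogPrefix . $option];
    }
    return array_key_exists($option, $meta) ? $meta[$option] : false;
}

// The workaround's effect: ignore the current blog and read the base-prefix key.
function lookup_option_from_root(array $meta, string $option)
{
    return lookup_option($meta, BASE_PREFIX, $option);
}

// Assumed registry layout: a list of issued token strings. Revocable tokens
// authenticate only while they are still listed.
function token_is_registered($registry, string $token): bool
{
    return is_array($registry) && in_array($token, $registry, true);
}

function report(string $label, array $meta, string $blogPrefix, string $token): void
{
    $default = token_is_registered(lookup_option($meta, $blogPrefix, OPTION), $token);
    $patched = token_is_registered(lookup_option_from_root($meta, OPTION), $token);
    printf("%-28s default=%-5s workaround=%s\n", $label,
        var_export($default, true), var_export($patched, true));
}

// Constructed sample data: one token, issued while authenticating at the main site.
$token = 'sample-token';
$usermeta = ['wp_' . OPTION => [$token]];

report('main site', $usermeta, 'wp_', $token);
report('subsite 2', $usermeta, 'wp_2_', $token);

// Assumption: revoking at a subsite only rewrites that subsite's prefixed key.
$usermeta['wp_2_' . OPTION] = [];
report('after subsite revocation', $usermeta, 'wp_2_', $token);

// Revoking at the main site empties the key that every site now reads.
$usermeta['wp_' . OPTION] = [];
report('after main-site revocation', $usermeta, 'wp_2_', $token);
```

With the workaround active, a revocation recorded only at a subsite leaves the token accepted, which is why revocation has to happen at the main site.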

vasyltech commented 4 years ago

@easaw that looks like an elegant solution. I'm going to prioritize it for the next release. Thank you!

easaw commented 4 years ago

Wasn't my solution, but I hope it gets implemented! Cheers.