jonathan-dejong / simple-jwt-authentication

Extends the WP REST API using JSON Web Tokens Authentication as an authentication method.
GNU General Public License v3.0
87 stars 25 forks

Required to check for issuing domain? #69

Open axlright opened 4 years ago

axlright commented 4 years ago

Looking for a JWT solution that can generate and use a consistent token across multiple domains including production, staging and local. One of the benefits of JSON Web Tokens is their ability to work across different server domains.

The original JWT Authentication for WP REST API plugin by Enrique Chavez requires that the iss domain match the sending domain of the POST request, or else an error is thrown like "The iss do not match with this server".

Can this re-boot of the plugin not check for issuing domain? Not all JWTs require the sending domain match a domain in a parameter in the token. To get to the full benefit of JWTs, it'd be cool to get rid of the requirement for the issuing domain to match the domain of the POST request.

Thanks for any feedback.
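An added example, not code from this plugin or from the original one: one way to accept tokens from several environments is to keep the `iss` check but compare it against a configured allowlist rather than the receiving server's own domain. The function names, secret and URLs are constructed for illustration, and the sketch assumes HS256 with one shared secret, which means every environment holding that secret can mint tokens the others accept.

```php
<?php
// Added example: HS256 verification with an issuer allowlist (all names are hypothetical).
function b64url_encode(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

function b64url_decode(string $txt): string {
    $txt = str_pad($txt, strlen($txt) + (4 - strlen($txt) % 4) % 4, '=');
    return (string) base64_decode(strtr($txt, '-_', '+/'), true); // '' on invalid input
}

function make_token(array $claims, string $secret): string {
    $head = b64url_encode(json_encode(['typ' => 'JWT', 'alg' => 'HS256']));
    $body = b64url_encode(json_encode($claims));
    return "$head.$body." . b64url_encode(hash_hmac('sha256', "$head.$body", $secret, true));
}

function verify_token(string $jwt, string $secret, array $trusted_issuers): array {
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) throw new RuntimeException('malformed token');
    [$head, $body, $sig] = $parts;
    // Pin the algorithm instead of trusting whatever the header announces.
    $header = json_decode(b64url_decode($head), true);
    if (!is_array($header) || ($header['alg'] ?? '') !== 'HS256')
        throw new RuntimeException('unexpected alg');
    // The signature authenticates the token; compare in constant time.
    $expected = hash_hmac('sha256', "$head.$body", $secret, true);
    if (!hash_equals($expected, b64url_decode($sig))) throw new RuntimeException('bad signature');
    $claims = json_decode(b64url_decode($body), true);
    if (!is_array($claims)) throw new RuntimeException('bad payload');
    // Issuer must be one of the configured environments, not necessarily this host.
    if (!in_array($claims['iss'] ?? null, $trusted_issuers, true))
        throw new RuntimeException('issuer not trusted');
    if (!is_int($claims['exp'] ?? null) || $claims['exp'] < time())
        throw new RuntimeException('expired or missing exp');
    return $claims;
}

// Constructed demo: the production verifier sees one trusted and one unknown issuer.
$secret  = 'constructed-demo-secret';
$trusted = ['https://example.com', 'https://staging.example.com', 'http://localhost:8080'];
foreach (['https://staging.example.com', 'https://other.example.net'] as $iss) {
    $jwt = make_token(['iss' => $iss, 'exp' => time() + 300], $secret);
    try {
        verify_token($jwt, $secret, $trusted);
        echo "$iss: accepted\n";
    } catch (RuntimeException $e) {
        echo "$iss: rejected ({$e->getMessage()})\n";
    }
}
```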