search

nicumicle / simple-jwt-login

This plugin allows you to log in, register, authenticate, delete and change the user password to a WordPress website using a JWT.
http://wordpress.org/plugins/simple-jwt-login/
GNU General Public License v3.0
82 stars 22 forks source link

How to set token expirations based on User Role #77

Closed mfs-bldmghty closed 1 year ago

mfs-bldmghty commented 1 year ago

We want our Shop Manager JWTs to not expire at all.

Customers would have the value set in the plugin's UI.

I suspect there's a filter in the plugin that would help but nothing jumped out at me.

Thanks

nicumicle commented 1 year ago

Hello,

You can use the simple_jwt_login_jwt_payload_auth filter.

This will allow you to change the payload on the auth endpoint.

In order for a JWT to not expire, you need to remove the exp parameter. Here you can see the payload parameters : https://simplejwtlogin.com/docs/authentication/#jwt-payload-parameters

Also, if you want to have access to the currently authenticated user, you can use the simple_jwt_login_generate_payload filter. Check the code here.

Let me know if this helps.

mfs-bldmghty commented 1 year ago

@nicumicle - OK. Great. Thank you.