nicumicle / simple-jwt-login

This plugin allows you to log in, register, authenticate, delete and change the user password to a WordPress website using a JWT.
http://wordpress.org/plugins/simple-jwt-login/
GNU General Public License v3.0

feature: Parse only Bearer tokens and or unnamed tokens #96

Open BreX900 opened 9 months ago

BreX900 commented 9 months ago

I congratulate you on the plugin before I start!

Is your feature request related to a problem?

I request this feature because of WooCommerce, but in general any other plugin could work this way. When the user is not logged in, I don't have a JWT to pass to WooCommerce endpoints, so I am forced to use Basic Authorization or OAuth V1. But if I pass one of these authorizations in the header, this JWT plugin will intercept the header and throw an error because, according to it, it is invalid.

Describe the solution you'd like

My solution would be to force the token to be passed in the header with the word `Bearer` in front of it. The new regex would be `^(?:Bearer\s)(.*)$` for the file `BaseService.php`, line 168. If this is not possible, I would say that it would be great if, when the value in the header starts with something other than `Bearer`, it would ignore the token. The regex then could be `^(?:Bearer\s)?([^\s]+)$`

Additional context

You can test the problem by running the product call for WooCommerce using Basic Authorization or OAuth V1, enabling auto login with the key in the `Authorization` header.

I know I can set this JWT plugin to read the value from a different key in the header, but I would like to avoid that.
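
The two patterns proposed in the issue, run side by side against constructed `Authorization` header values to show which ones each would hand to the JWT parser and which it would leave for another plugin. This is an added example, not the plugin's code: `extractJwt`, the constant names and every sample value are hypothetical.

```php
<?php
// Added example: compares the two patterns proposed in the issue.
// All header values below are constructed samples, not real credentials.

const STRICT_BEARER  = '/^(?:Bearer\s)(.*)$/';       // first proposal
const BEARER_OR_BARE = '/^(?:Bearer\s)?([^\s]+)$/';  // second proposal

/**
 * Hypothetical helper: returns the captured token, or null when the
 * header does not match and should be left for another plugin
 * (for example WooCommerce) to handle.
 */
function extractJwt(string $pattern, string $header): ?string
{
    if (preg_match($pattern, $header, $m) !== 1) {
        return null;
    }
    return $m[1];
}

$samples = [
    'bearer'       => 'Bearer aaaa.bbbb.cccc',
    'bare token'   => 'aaaa.bbbb.cccc',
    'basic'        => 'Basic Y2tfZXhhbXBsZTpjc19leGFtcGxl',
    'oauth1'       => 'OAuth oauth_consumer_key="ck_example", oauth_signature_method="HMAC-SHA1"',
    // Edge cases worth checking before changing the parser:
    'empty bearer' => 'Bearer ',                 // scheme present, token missing
    'lowercase'    => 'bearer aaaa.bbbb.cccc',   // scheme in a different case
];

foreach ($samples as $label => $header) {
    printf(
        "%-13s strict=%-18s bearer-or-bare=%s\n",
        $label,
        var_export(extractJwt(STRICT_BEARER, $header), true),
        var_export(extractJwt(BEARER_OR_BARE, $header), true)
    );
}
```

Both patterns are case-sensitive on the scheme name, and the first one captures an empty string for a header that contains only `Bearer ` and no token, so the caller still has to reject an empty capture.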