Comments (6)
Hello @shotor @melomontoya @kristjanmar,
The tag 3.4.0
has this functionality. You can not secure all rest endpoints or only specific endpoints with a JWT.
Also, when you secure all endpoints, you can set a specific list that can be whitelisted.
Please let me know what do you think.
Best regards,
Nicu.
from simple-jwt-login.
Or is there a way to validate the token tru PHP? I would like to validate the token on some endpoints.
from simple-jwt-login.
Have you tried the "Force login" (https://wordpress.org/plugins/wp-force-login/) plugin?
from simple-jwt-login.
Hi, "Force login" plugin doesn't fit 'cause it checks for "if( ! is_user_logged_in())" which doesn't work with JWT or nothing compatible with our APP. Is there a proper/safe way to make the "whitelist" work. We have tried the "1 file plugin" and "function.php" but it doesn't work.
Thanks
from simple-jwt-login.
Ok, after some digging we figured it out. Seems like the problem was the "array_merge" between both arrays. We changed it fot a foreach loop that "pushes" each endpoint and now it works. Oh, btw, it is also a one file plugin 'cause it wouldn't work on the functions.php
This is the final code
`/////////////////////////////////////////
//////// JWT WHITELIST para endpoints sin verificacion
/////////////////////////////////////////
if ( ! defined( 'ABSPATH' ) ) {
exit; // Exit if accessed directly.
}
/----------------------------------------------------------------------------/
/**
- JWT whitelist
*/
add_filter(
'jwt_auth_whitelist',
function ( $endpoints ) {
$whitelists = array(
'/wp-json/MYENDPOINT/v1/home',
'/wp-json/MYENDPOINT/v1/stripewebhook'
);
foreach ( $whitelists as $whitelist ) {
if ( ! in_array( $whitelist, $endpoints, true ) ) {
array_push( $endpoints, $whitelist );
}
}
return $endpoints;
}
);
?>
`
from simple-jwt-login.
I'm interested in this as well. What did you do to restrict the endpoints before adding the whitelist code?
from simple-jwt-login.
Related Issues (20)
- bug: Authentication not working with any credentials HOT 1
- bug: autlogin expired token returns http code 400 HOT 5
- openssl_sign(): supplied key param cannot be coerced into a private key HOT 1
- bug: Able to read protected endpoints with revoked tokens. HOT 3
- feature: Endpoint user Info HOT 3
- How to set token expirations based on User Role HOT 2
- bug: Not working with woocommerce end point HOT 3
- bug: Fatal Error after fresh install from wordpress.com
- bug: Auto login doesn't work for first time HOT 3
- bug: 502 Bad Gateway while working with woocommerce REST API HOT 1
- bug: Docs ”simple_jwt_login_before_endpoint“ hook example HOT 1
- feature: Add extra information for Hooks checkboxes
- bug: Meta data does not save in create use endpoint HOT 3
- Add PR Welcome badge HOT 1
- bug: update password route (PUT) responses are inconsistent
- bug: update password route (PUT) responses are inconsistent HOT 1
- bug: Invalid email while register HOT 1
- feature: Parse only Bearer tokens and or unnamed tokens
- feature: social login/register integration HOT 2
- bug: performance issue 500ms -> 4000ms when check endpoints
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from simple-jwt-login.