I am working on generating a JWT token for the users who log in to my site using a plugin, JWT Auth, and that token will be used for an external dashboard.
The issue that I am facing is that for generating a JWT token you need to pass `username` and `password` as `form-data` to the `/wp-json/jwt-auth/v1/token` endpoint, but the password that is stored in the database is hashed and cannot be decrypted, so what is the solution for this? I cannot send the plain text password to the endpoint.
Looking forward to your suggestions.
2 Answers
For the developers who are facing a similar issue, here is what I have done to achieve the desired results.
The best way would be to develop the functionality from scratch, but due to a tight deadline I opted to modify the JWT Auth plugin.
I have modified the method `get_token` in the file `class-auth.php`. At first the method was looking for the params `username` and `password`, and I have modified it to receive `userID` as the required param. Why `userID`? It is because I am running a `cURL` call to get the user data after the user signs in. Here is the code for the `get_token` method if anyone wants to use it. Although it was a small modification, it produces the required results. Thank you all for the suggestions. Happy coding!
```php
public function get_token(WP_REST_Request $request)
{
    $secret_key  = defined('JWT_AUTH_SECRET_KEY') ? JWT_AUTH_SECRET_KEY : false;
    $userID      = $request->get_param('user_id');
    $custom_auth = $request->get_param('custom_auth'); // read but not used below

    // First, check the secret key; if it is not defined, return an error.
    if (!$secret_key) {
        return new WP_REST_Response(
            array(
                'success'    => false,
                'statusCode' => 403,
                'code'       => 'jwt_auth_bad_config',
                'message'    => __('JWT is not configurated properly.', 'jwt-auth'),
                'data'       => array(),
            )
        );
    }

    // Look up the user by the ID supplied in the request.
    // Note: no password or other credential is verified here; the token is
    // issued for whichever user_id the caller sends.
    $user = get_user_by('id', $userID);

    // If no user matches the supplied ID, return an error response.
    if (!$user) {
        return new WP_REST_Response(
            array(
                'success'    => false,
                'statusCode' => 403,
                'code'       => 404,
                'message'    => 'User does not exists.',
                'data'       => array(),
            )
        );
    }

    return $this->generate_token($user, false);
}
```
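The method above issues a token for whichever `user_id` the request names, without verifying any credential. As an added example (not part of the original answer or the plugin's own code), here is a variant of the same method that takes the user from the session WordPress has already authenticated. It assumes the endpoint is called from the logged-in user's browser with the login cookie and an `X-WP-Nonce` header created with `wp_create_nonce('wp_rest')`; the `jwt_auth_not_logged_in` error code is a hypothetical name.

```php
// Added example: drop-in variant of get_token() for the same class in
// class-auth.php. It ignores any user_id parameter in the request.
public function get_token(WP_REST_Request $request)
{
    $secret_key = defined('JWT_AUTH_SECRET_KEY') ? JWT_AUTH_SECRET_KEY : false;

    // Same configuration check as in the answer's version.
    if (!$secret_key) {
        return new WP_REST_Response(
            array(
                'success'    => false,
                'statusCode' => 403,
                'code'       => 'jwt_auth_bad_config',
                'message'    => __('JWT is not configurated properly.', 'jwt-auth'),
                'data'       => array(),
            ),
            403
        );
    }

    // Identity comes from WordPress's own session handling, never from a
    // request parameter. For REST calls, cookie authentication only applies
    // when a valid wp_rest nonce accompanies the request; otherwise the
    // current user is the anonymous user (ID 0).
    $user = wp_get_current_user();

    if (!$user->exists()) {
        return new WP_REST_Response(
            array(
                'success'    => false,
                'statusCode' => 401,
                'code'       => 'jwt_auth_not_logged_in', // hypothetical code
                'message'    => __('You must be logged in to request a token.', 'jwt-auth'),
                'data'       => array(),
            ),
            401
        );
    }

    // generate_token() is the plugin method the answer's code already calls.
    return $this->generate_token($user, false);
}
```

With this variant a caller can only obtain a token for the account it is already signed in as, so the external dashboard never needs the password and the endpoint never trusts a caller-chosen ID.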