WP Login and Register using JWT

विवरण

The WordPress Login and Register using JWT plugin allows you to log in (WordPress Single Sign-On) into the WordPress application using the JWT token(JSON Web token) from any other WordPress site or other applications/platforms including mobile applications.

WORDPRESS SINGLE SIGN-ON / SSO ( LOGIN INTO WORDPRESS )
WordPress Single Sign-On also simply called WordPress SSO allows you to login into WordPress using the credentials of other platforms.

WORDPRESS SINGLE SIGN-ON / SSO using JWT(JSON Web Token)
WordPress Single Sign-On with JWT allows you to log into the WordPress site using the user based JWT token obtained externally.
The JWT token authentication is the most popular way of authentication nowadays as it is a secure and lightweight protocol. The JWT token can be obtained either when a user logs into other platforms via OAuth/OpenID protocol or can be created explicitly using the user information and secure algorithms.
With this plugin, you can easily use the user based JWT token to log a user in rather than asking them to authenticate again.

Let’s take an example – If you have a WordPress site and mobile app, now if you are logged into the mobile app, now if you try to access the WordPress site, then to access the particular content, the WordPress site will ask for login again and which is not feasible, so with the JWT SSO (JWT Single Sign-On), you can create the JWT token for the user who is already logged into the mobile app and then on accessing the WordPress site, you can pass that JWT token, using which the same user can authenticate and autologin to the WordPress site and hence won’t need to enter the credentials again.

This plugin provides a REST API endpoint(/wp-json/api/v1/mo-jwt) by which requesting with the valid username and password in the body returns the JWT token and that token can be used to autologin into the WordPress site.

The plugin also provides the feature to register(create) users in WordPress securely using the register API endpoint provided by the plugin and on successful user registration, the API will return the JWT token for the registered user in the response which can be used further to login user in WordPress or other platforms.

The feature to delete the user from WordPress via API endpoint is also available using, just passing the user based JWT token of that user to be deleted in the request body results in user deletion.

We support possibly all kinds of JWT tokens (access-token/id-token) obtained from OAuth/OpenID providers like Microsoft Azure AD, Azure B2C, Okta, Keycloak, ADFS, AWS Cognito, Google, Facebook, Apple, Discord and popular applications like Firebase.

WordPress login using the JWT also called JWT SSO (Single Sign-On) can be done from other platforms and applications including mobile apps (android or IOS), an app built with other programming languages like .NET, JAVA, PHP, JS etc.

WORDPRESS SINGLE SIGN-ON / SSO using OAuth/OpenID Connect provider
If you are looking for WordPress Single Sign-On in WordPress with external OAuth/OpenID credentials providers like Microsoft Azure AD, Azure B2C, Office 365, AWS Cognito, Okta, Keycloak, Discord, ADFS, WS02, Strava, Slack, Google, Facebook, Apple, LinkedIn etc such that your users will just need to enter their OAuth/OpenID provider’s app credentials, and they will get logged in to the WordPress, then we already have our other awesome and widely popular plugin – WordPress OAuth Single Sign-On: SSO (OAuth Client).

WordPress REST API endpoints Security
By default, the WordPress REST API endpoints are public and can be accessed by anyone and lead to data leakage while some REST APIs are protected by default but do not let you access the data unless you are authorized to do so. To help you out with this, we already have a plugin – WordPress REST API Authentication which you can use to authenticate and authorize your WordPress REST API endpoints hence only authenticated and authorized users are allowed to access the requested data.

USE CASES

• Single Sign-On Users using the JWT token provided by OAuth/OpenID providers
  This WordPress login and register using the JWT plugin supports the WordPress Single Sign On (WordPress SSO) or WordPress login using the user based JWT token (id-token/access-token) provided by the OAuth/OpenID Connect providers (like Microsoft Azure AD, Azure B2C, AWS Cognito, Keycloak, Okta, ADFS, Google, Facebook, Apple, Discord and many more..) on login in some other sites/applications using their credentials.
  So, the user just needs to log in once on any other sites/platforms and a JWT token will be provided by these providers for those users will then be used further with security to autologin in other platforms.

• WordPress login and site access from mobile app webview
  Suppose you have a mobile application and wants to allow users to access their WordPress site content in the mobile app webview which requires a login so asking the users to enter the credentials again won’t be a good user experience. So, our JWT login plugin provides a solution to you in which the user session from the mobile app can be synchronized with the WordPress site and the user can seamlessly access the WordPress site using the user based JWT token without the need for a WordPress login again.

• Login into other apps and platforms using WordPress credentials
  Suppose you have a WordPress site in which all the user identities are stored and you have other applications as well, so for a good user experience, you want them to use the same set of credentials (one which they used to register on the WordPress site) to login to these other applications as well. Now, on your application login form, when they enter their WordPress login credentials, then it will require authentication with the WordPress directly. So, our plugin can help you with this.
  It provides the following HTTP POST API endpoint:

  /wp-json/api/v1/mo-jwt

in which you need to pass the user’s WordPress credentials in the request body and on a successful response, you will get the user based JWT token which you can use further to authenticate or login users in other applications and will return an error response for unauthenticated users.

• Register into WordPress using user registration API from any external platforms:
  If you want to register a user on your WordPress site from another application or external platform then our plugin provides a following HTTP POST API endpoint

  wp-json/api/v1/mo-jwt-register

and you can pass the new user details like username, email, name and password(optional), role etc. in the request body and on successful response, your user will get created and the corresponding user based JWT will be received and the appropriate error response will be returned on the failure.

• Delete/Remove users from WordPress using the user based JWT token (JSON Web Token)
  If you want to delete the user from WordPress using the API request from other platforms securely, then WordPress Login with JWT plugin provides a following HTTP POST API endpoint

  wp-json/api/v1/mo-jwt-delete

and you can pass the user based JWT of the user which you want to delete and on the successful response, the user will get deleted else an appropriate error response will be returned.

• Sync user login sessions between multiple platforms (Session sharing)
  If you have a WordPress site and other applications sharing the same subdomain and you want the feature in which if a user logged into one site (WordPress or another) and on accessing the other site in the same browser, then that user should get logged in automatically (user session to be synchronized). So, this feature is possible to have with our plugin’s JWT cookie-based session sharing feature.

Features

FREE PLAN

Create JWT feature

• Supports token generation using HS256 signing algorithm.
• JWT token signing with randomly generated secret signing key.
• Default token expiration is 60 minutes.

User Registration feature

• Provide an API endpoint for user registration with the default subscriber role.
• Provide user based JWT token in the success response.
• No Extra Security key for user registration API.

User Deletion feature

• Provide an API endpoint for user deletion with JWT token validation using the HS256 signing algorithm.
• No Extra Security key for user deletion API.

User login feature

• Allows wordpress login using a user based JWT with HS256 signing created using plugins create JWT feature.
• Retrieve the JWT token from the URL parameter to allow auto-login.
• Auto redirection on login to the homepage or on the same page/URL from where the autologin is initiated.
• Default Subscriber role on login using JWT.

PREMIUM PLAN

Create JWT feature

• Supports token generation using HS256 and a more securer RS256 signing algorithm.
• JWT token signing with custom secret signing key or certificate.
• Custom token expiration to expire the token as per your requirement to improvise security.
• Custom JWT token decryption key.

User Registration feature

• Provide an API endpoint for user registration with a custom role.
• Provide user based JWT token in the success response.
• Extra Security key for user registration API.

User Deletion feature

• Provide an API endpoint for user deletion with JWT token validation using the HS256 signing algorithm.
• Extra Security key for user deletion API.

User login feature

• Allows wordpress login using a user based JWT with HS256 signing created either using plugins create JWT feature or JWT token obtained from an external source.
• Allows wordpress login using a user based JWT with RS256 signing validation.
• Allows wordpress login using a user based JWT with JWKS validation support.
• Allows wordpress login using a user based JWT obtained from OAuth/OpenID Connect provider.
• Retrieve the JWT token from the URL parameter and cookie to allow auto-login between platforms.
• Auto redirection on login to the homepage or on the same page/URL from where the autologin is initiated.
• Auto redirection on login to any custom URL.
• User Attribute/Profile mapping on SSO login.
• Option to assign any WordPress role rather than default subscriber on SSO login.

Privacy

This plugin does not store any user data. This plugin uses login.xecurify.com for registration as miniOrange uses login.xecurify.com if the user chooses to register and upgrade to premium. If the user does not want to register then he can continue using the free plugin. (Link to the privacy policy – https://www.miniorange.com/privacy-policy.pdf )