Monday, 5 October 2015

JWT authentication with WP - Approach

We're using JWT for authenticating our WordPress application with an external service. The current flow we're thinking of is like this:

  1. The user signs in on the parent site
  2. The parent site sends a POST request with the user information and the JWT token to the WordPress site
  3. The WP site stores the JWT token
  4. The token is checked for expiry every time the user visits a new page, and if the token is expired, the user will be redirected to the parent site for logging in again.

My questions:

  1. Is this the right approach?
  2. How do I store the JWT token? A cookie? Or in the database, with the user's information as a unique identifier? Note: The users will not be registered on the WP site.
  3. How do I check for expiry?

Are there any libraries that would simplify my task? There is a plugin for JWT but no documentation for it, hence I am not sure if it will serve my purpose.



via Chebli Mohamed
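
The expiry check in step 4 is only meaningful if the token's signature is verified first, so the sketch below does both. It is an added example, not part of the original post: it assumes the parent site signs tokens with HS256 using a secret shared with the WP site, and the function names and sample values are hypothetical.

```php
<?php
// Added example (not from the original post). Assumes HS256 with a secret shared
// by the parent site and the WP site; all names below are hypothetical.
function b64url_decode(string $s) {
    $pad = (4 - strlen($s) % 4) % 4;
    return base64_decode(strtr($s, '-_', '+/') . str_repeat('=', $pad), true);
}
function b64url_encode(string $s): string {
    return rtrim(strtr(base64_encode($s), '+/', '-_'), '=');
}

// Returns the claims if the token is authentic and unexpired, otherwise null.
function verify_parent_jwt(string $jwt, string $secret, int $now, int $leeway = 30): ?array {
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) return null;
    [$h64, $p64, $s64] = $parts;

    // Pin the algorithm server-side; never let the token header choose it.
    $header = json_decode((string) b64url_decode($h64), true);
    if (!is_array($header) || ($header['alg'] ?? null) !== 'HS256') return null;

    // Verify the signature before trusting any claim; compare in constant time.
    $sig = b64url_decode($s64);
    $expected = hash_hmac('sha256', "$h64.$p64", $secret, true);
    if ($sig === false || !hash_equals($expected, $sig)) return null;

    // Require an integer exp and reject once it has passed (small clock-skew leeway).
    $claims = json_decode((string) b64url_decode($p64), true);
    if (!is_array($claims) || !is_int($claims['exp'] ?? null)) return null;
    if ($now >= $claims['exp'] + $leeway) return null;
    return $claims;
}

// Constructed sample tokens: one fresh, one expired, one with a damaged signature.
$secret = 'constructed-demo-secret';
$make = function (array $claims) use ($secret): string {
    $h = b64url_encode(json_encode(['alg' => 'HS256', 'typ' => 'JWT']));
    $p = b64url_encode(json_encode($claims));
    return "$h.$p." . b64url_encode(hash_hmac('sha256', "$h.$p", $secret, true));
};
$now   = 1444000000; // fixed clock so the demo is repeatable
$fresh = $make(['sub' => 'user-42', 'exp' => $now + 600]);
$stale = $make(['sub' => 'user-42', 'exp' => $now - 600]);

var_dump(verify_parent_jwt($fresh, $secret, $now) !== null);
var_dump(verify_parent_jwt($stale, $secret, $now) !== null);
var_dump(verify_parent_jwt($fresh . 'x', $secret, $now) !== null);
```

On each page load the WP site would call the function with `time()` and redirect to the parent site when it returns null.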
