We're using JWT for authenticating our WordPress application with an external service. The current flow we're thinking of is like this:
- The user signs in on the parent site
- The parent site sends a POST request with the user information and the JWT token to the WordPress site
- The WP site stores the JWT token
- The token is checked for expiry every time the user visits a new page, and if the token is expired, the user will be redirected to the parent site for logging in again.
My questions:
- Is this the right approach?
- How do I store the JWT token? A cookie? Or in the database, with the user's information as a unique identifier? Note: The users will not be registered on the WP site.
- How do I check for expiry?
Are there any libraries that would simplify my task? There is a plugin for JWT but no documentation for it, hence I am not sure if it will serve my purpose.
via Chebli Mohamed
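The per-page expiry check asked about above, as an added example that is not part of the original post or of any plugin's code. It assumes the parent site signs tokens with HS256 using a secret shared with the WordPress site; `verify_jwt`, the helper names and the sample values are hypothetical.

```php
<?php
// Added example. Assumes HS256 tokens and a secret shared with the parent site.

function b64url_decode($s) {
    // JWT uses unpadded base64url; restore padding before strict decoding.
    $s = strtr($s, '-_', '+/');
    return base64_decode($s . str_repeat('=', (4 - strlen($s) % 4) % 4), true);
}

function b64url_encode($s) {
    return rtrim(strtr(base64_encode($s), '+/', '-_'), '=');
}

// Returns the claims array if the token is authentic and unexpired, else null.
function verify_jwt($jwt, $secret, $now, $leeway = 30) {
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) return null;
    list($h64, $p64, $s64) = $parts;

    $header = json_decode((string) b64url_decode($h64), true);
    // Pin the algorithm; never let the token choose it (rejects "none").
    if (!is_array($header) || ($header['alg'] ?? null) !== 'HS256') return null;

    $sig = b64url_decode($s64);
    $expected = hash_hmac('sha256', "$h64.$p64", $secret, true);
    // Constant-time compare; check the signature before trusting any claim.
    if ($sig === false || !hash_equals($expected, $sig)) return null;

    $claims = json_decode((string) b64url_decode($p64), true);
    // Require exp: a token without it would never expire.
    if (!is_array($claims) || !isset($claims['exp']) || !is_numeric($claims['exp'])) return null;
    if ($now >= (int) $claims['exp'] + $leeway) return null;
    return $claims;
}

// Constructed sample: mint tokens the way the parent site would, then verify.
$secret = 'constructed-demo-secret';
$now = 1700000000;
$mint = function ($claims) use ($secret) {
    $h = b64url_encode(json_encode(['alg' => 'HS256', 'typ' => 'JWT']));
    $p = b64url_encode(json_encode($claims));
    return "$h.$p." . b64url_encode(hash_hmac('sha256', "$h.$p", $secret, true));
};
$good = $mint(['sub' => 'user-123', 'exp' => $now + 600]);
$old  = $mint(['sub' => 'user-123', 'exp' => $now - 600]);
var_dump(verify_jwt($good, $secret, $now) !== null);       // valid token
var_dump(verify_jwt($old, $secret, $now) !== null);        // expired token
var_dump(verify_jwt($good . 'x', $secret, $now) !== null); // altered signature
```

Because the signature is re-verified on every page load, a token that was altered wherever it is stored fails the same check as an expired one; a `null` result is the point at which to redirect to the parent site.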