Step 1: Install the JWT Authentication for WP-API Plugin
- Download and Install the Plugin:
- Go to your WordPress dashboard.
- Navigate to Plugins > Add New.
- Search for JWT Authentication for WP-API.
- Click Install Now and then Activate.
- Alternative Manual Installation:
- Download the plugin from the WordPress repository.
- Upload the plugin folder to your /wp-content/plugins/ directory.
- Activate the plugin from the Plugins page in your WordPress dashboard.
Step 2: Configure the Plugin in wp-config.php
After installing the plugin, you need to configure it by adding specific constants to your wp-config.php file.
- Open the wp-config.php file:
- You can find this file in the root directory of your WordPress installation.
- Add the JWT Configuration:
- Add the following lines of code to your wp-config.php file, ideally above the line /* That's all, stop editing! Happy blogging. */.
```php
// JWT Authentication for WP-API Configuration
define('JWT_AUTH_SECRET_KEY', 'your-top-secret-key');
define('JWT_AUTH_CORS_ENABLE', true);
```
- JWT_AUTH_SECRET_KEY: This should be a unique and secure key used for signing your JWT tokens. Replace 'your-top-secret-key' with a complex string. You can use an online generator to create a strong key. Anyone who obtains this key can sign tokens your site will accept, so treat it like a password.
- JWT_AUTH_CORS_ENABLE: This is optional and should be set to true if you are accessing your API from a different domain or a frontend application like React or Angular.
Step 3: Ensure Permalinks are Set to Post Name
The plugin requires pretty permalinks to be enabled.
- Check Permalink Settings:
- Go to your WordPress dashboard.
- Navigate to Settings > Permalinks.
- Ensure that Post name is selected.
- Click Save Changes if any modifications are made.
Step 4: Test the JWT Authentication
- Get a JWT Token:
- Use a tool like Postman to make a POST request to your authentication endpoint:
```
POST https://yourdomain.com/wp-json/jwt-auth/v1/token
```
In the body of the request, include your WordPress username and password:
```json
{
  "username": "your_username",
  "password": "your_password"
}
```
- Verify the Response:
- You should receive a response containing a JWT token if the authentication is successful.
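To check more than the presence of a token, the following added example (not part of the original tutorial or the plugin's code) decodes a token offline and verifies its signature and expiry. It assumes the plugin signs with HS256 using JWT_AUTH_SECRET_KEY; the secret, the claim layout and the sample token are constructed for illustration.

```python
import base64, hashlib, hmac, json, time

def b64url_decode(part):
    # JWTs use unpadded base64url; restore the padding before decoding.
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def hs256(signing_input, secret):
    return hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()

def make_sample_token(header, claims, secret):
    # Builds a constructed token for the demo; a real one comes from the endpoint.
    parts = [b64url_encode(json.dumps(p).encode()) for p in (header, claims)]
    signing_input = ".".join(parts)
    return signing_input + "." + b64url_encode(hs256(signing_input, secret))

def verify_token(token, secret, now=None):
    """Return the claims if the token is HS256-signed with `secret` and unexpired."""
    try:
        header_b64, claims_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        claims = json.loads(b64url_decode(claims_b64))
        signature = b64url_decode(sig_b64)
    except Exception as exc:
        raise ValueError("malformed token") from exc
    if not isinstance(header, dict) or not isinstance(claims, dict):
        raise ValueError("malformed token")
    # Pin the algorithm instead of trusting the token's own header.
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hs256(header_b64 + "." + claims_b64, secret)
    if not hmac.compare_digest(signature, expected):
        raise ValueError("bad signature")
    exp = claims.get("exp")
    now = time.time() if now is None else now
    if not isinstance(exp, (int, float)) or now >= exp:
        raise ValueError("expired or missing exp")
    return claims

# Constructed sample values: secret, claim layout and timestamps are assumptions.
SECRET = "constructed-demo-secret-not-for-production"
CLAIMS = {"iss": "https://yourdomain.com", "iat": 1700000000,
          "exp": 1700003600, "data": {"user": {"id": 1}}}
SAMPLE = make_sample_token({"typ": "JWT", "alg": "HS256"}, CLAIMS, SECRET)

if __name__ == "__main__":
    print(verify_token(SAMPLE, SECRET, now=1700000100))
```

Run a check like this only where the secret already lives, such as the server or an admin workstation; the key should never be shipped to a frontend application.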
Include the code below to log in with an email address or a username through the same route as above.
```php
// Login
// https://pahona.org/api/wp-json/jwt-auth/v1/token/
// {
//   "username": "testuser",
//   "password": "password123"
// }

// Custom Login
// https://pahona.org/api/wp-json/jwt-auth/v1/token/
function custom_login_with_email_and_get_jwt_token( $email, $password ) {
    // Retrieve user by email.
    // Note: this distinct 404 tells the caller whether an email is registered;
    // return the same error as a failed login if that must not be disclosed.
    $user = get_user_by( 'email', $email );
    if ( ! $user ) {
        return new WP_Error( 'user_not_found', 'User not found for the provided email.', array( 'status' => 404 ) );
    }
    $username = $user->user_login;

    // Prepare data for JWT token request
    $token_request_data = array(
        'username' => $username,
        'password' => $password,
    );

    // Send POST request to external JWT token endpoint
    $token_request = wp_remote_post( 'https://pahona.org/api/wp-json/jwt-auth/v1/token/', array(
        'method'    => 'POST',
        'body'      => $token_request_data,
        'sslverify' => true, // Keep certificate verification on: this request carries the user's password
    ) );
    if ( is_wp_error( $token_request ) ) {
        return new WP_Error( 'jwt_token_error', 'Error sending JWT token request.', array( 'status' => 500 ) );
    }

    $token_response = json_decode( wp_remote_retrieve_body( $token_request ) );
    if ( isset( $token_response->token ) ) {
        // Token received successfully
        return $token_response->token;
    } else {
        return new WP_Error( 'jwt_token_error', 'Invalid response from JWT token endpoint.', array( 'status' => 500 ) );
    }
}
```