
I have been trying to validate jwt token inside theme function.php file.

I am not sure how to pass this jwt token validation inside this hook function. The following function is working without an authorization header; I need to protect the endpoint using jwt authorization, and without it it should throw an error. A lot of examples show a javascript based function to fetch the details.

add_action( 'rest_api_init', function ( $data ) {
    register_rest_route( 'jwt-auth/v1', 'sci', array(
        'methods'             => 'POST',
        'callback'            => 'update_payment_history',
        'permission_callback' => '__return_true', // currently lets any request through
    ) );

    /*  register_rest_route( 'v1', 'certificates', array(
        'methods'             => 'POST',
        'callback'            => 'update_payment_history',
        'permission_callback' => '__return_true',
    ) ); */

    register_rest_route( 'jwt-auth', 'v1/token', array(
        'methods'             => 'POST',
        'callback'            => 'gettoken', // not shown in the question
        'permission_callback' => '__return_true',
    ) );
} );

function update_payment_history( WP_REST_Request $request ) {
    print_r( $request->get_param( 'transaction_id' ) );
    exit;
}

asked Aug 16, 2022 at 14:06 by mike; edited Aug 16, 2022 at 15:03 by Tom J Nowell
  • 2 There are already JWT authentication plugins; it would be much safer to use one of those rather than rolling your own security. Also, JWT has questionable safety that requires going above and beyond to secure – Tom J Nowell Commented Aug 16, 2022 at 15:02
  • Are you asking how to check for JWT tokens in update_payment_history? If so, the answer is you do not; that's the function that handles the endpoint if the user has permission. JWT and authentication happen elsewhere. Have you checked the REST API handbook's section on authentication? – Tom J Nowell Commented Aug 16, 2022 at 15:04
  • Yes, how to check whether the jwt token is valid or not inside the update_payment_history function – mike Commented Aug 17, 2022 at 9:17
  • 1 You don't; that's not how you implement custom authentication in the REST API. Have you looked at wordpress.org/plugins/jwt-authentication-for-wp-rest-api? Or are you already using that plugin? If so, you need to share that information. You are meant to authenticate before a callback is handled, not inside it. There is no information here on how you implemented JWT – Tom J Nowell Commented Aug 17, 2022 at 11:48

2 Answers

Once the user hits the API endpoint, it will check whether the token is valid or not, process the function and send the information to the WordPress API endpoint with success details.

function update_payment_history( WP_REST_Request $request ) {
    if ( ! $request->get_header( 'authorization' ) ) {
        return new WP_Error(
            'jwt_auth_no_auth_header',
            'Authorization header not found.',
            array( 'status' => 403 )
        );
    }

    // Forward the caller's Authorization header to the JWT plugin's validate endpoint.
    $response = wp_remote_post( 'https://example.com/wp-json/jwt-auth/v1/token/validate', array(
        'headers' => array(
            'Authorization' => $request->get_header( 'authorization' ),
            'Accept'        => 'application/json',
        ),
    ) );

    if ( is_wp_error( $response ) ) {
        return new WP_Error( 'jwt_validate_unreachable', $response->get_error_message(), array( 'status' => 502 ) );
    }

    $check_code = json_decode( wp_remote_retrieve_body( $response ) );

    if ( isset( $check_code->data->status ) && 200 === (int) $check_code->data->status ) {
        print_r( $request->get_param( 'status' ) ); // get body parameters
        exit;
    }

    // Pass the validate endpoint's error code and status through to the caller.
    return new WP_Error(
        isset( $check_code->code ) ? $check_code->code : 'jwt_auth_invalid_token',
        isset( $check_code->message ) ? $check_code->message : 'Token validation failed.',
        array( 'status' => isset( $check_code->data->status ) ? (int) $check_code->data->status : 403 )
    );
}

so many words

function check_jwt_token( WP_REST_Request $request ) {
    // The JWT plugin hooks determine_current_user and returns a user ID for a valid token.
    $auth = apply_filters( 'determine_current_user', null );

    if ( empty( $auth ) ) {
        return new WP_Error( 'rest_forbidden', __( 'The token was not found or is invalid.' ), array( 'status' => 403 ) );
    }

    return true;
}

and then

add_action( 'rest_api_init', function () {
    register_rest_route( 'wp/v2', '/bla-bla/bla', array(
        'methods'             => 'POST',
        'callback'            => 'bla_bla', // placeholder name for your route handler
        'permission_callback' => 'check_jwt_token',
    ) );
} );
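Both answers above check the token either by calling the plugin's validate endpoint from inside the route callback (first answer) or by deferring to the plugin through determine_current_user in a permission_callback (second answer). The following is an added example, not code from the question, either answer, or the jwt-authentication-for-wp-rest-api plugin: it puts the check where WordPress expects it, in permission_callback, and verifies an HS256 token locally so no second HTTP round trip is needed. It assumes the token was signed with the secret in JWT_AUTH_SECRET_KEY (the constant that plugin reads from wp-config.php) and that the user id sits under data.user.id, which is that plugin's claim layout; the function names prefixed sci_ are made up for this example.

```php
<?php
// Added example; assumes HS256 tokens signed with JWT_AUTH_SECRET_KEY from wp-config.php.

function sci_base64url_decode( $data ) {
    $padded = strtr( $data, '-_', '+/' ) . str_repeat( '=', ( 4 - strlen( $data ) % 4 ) % 4 );
    return base64_decode( $padded, true );
}

/**
 * Verify a compact HS256 JWT. Returns the claims array on success, or a
 * WP_Error carrying HTTP 401 on any failure. The algorithm is pinned
 * server-side; the token's own "alg" header is never trusted.
 */
function sci_verify_hs256_jwt( $token, $secret ) {
    $parts = explode( '.', $token );
    if ( count( $parts ) !== 3 ) {
        return new WP_Error( 'jwt_malformed', 'Token must have three segments.', array( 'status' => 401 ) );
    }
    list( $h64, $p64, $s64 ) = $parts;

    $header = json_decode( sci_base64url_decode( $h64 ), true );
    $claims = json_decode( sci_base64url_decode( $p64 ), true );
    $sig    = sci_base64url_decode( $s64 );
    if ( ! is_array( $header ) || ! is_array( $claims ) || false === $sig ) {
        return new WP_Error( 'jwt_malformed', 'Token segments are not valid base64url/JSON.', array( 'status' => 401 ) );
    }
    if ( ( $header['alg'] ?? '' ) !== 'HS256' ) { // rejects "none" and any other alg
        return new WP_Error( 'jwt_bad_alg', 'Unsupported signing algorithm.', array( 'status' => 401 ) );
    }
    $expected = hash_hmac( 'sha256', $h64 . '.' . $p64, $secret, true );
    if ( ! hash_equals( $expected, $sig ) ) { // constant-time comparison
        return new WP_Error( 'jwt_bad_signature', 'Signature does not match.', array( 'status' => 401 ) );
    }
    $now = time();
    if ( isset( $claims['exp'] ) && $now >= (int) $claims['exp'] ) {
        return new WP_Error( 'jwt_expired', 'Token has expired.', array( 'status' => 401 ) );
    }
    if ( isset( $claims['nbf'] ) && $now < (int) $claims['nbf'] ) {
        return new WP_Error( 'jwt_not_yet_valid', 'Token is not valid yet.', array( 'status' => 401 ) );
    }
    return $claims;
}

/** permission_callback: runs before the route callback, so unauthenticated requests never reach it. */
function sci_jwt_permission_callback( WP_REST_Request $request ) {
    $auth = $request->get_header( 'authorization' );
    if ( ! $auth || 0 !== stripos( $auth, 'Bearer ' ) ) {
        return new WP_Error( 'jwt_auth_no_auth_header', 'Bearer token required.', array( 'status' => 401 ) );
    }
    if ( ! defined( 'JWT_AUTH_SECRET_KEY' ) ) {
        return new WP_Error( 'jwt_no_secret', 'Server is not configured for JWT.', array( 'status' => 500 ) );
    }
    $claims = sci_verify_hs256_jwt( trim( substr( $auth, 7 ) ), JWT_AUTH_SECRET_KEY );
    if ( is_wp_error( $claims ) ) {
        return $claims;
    }
    // Hand the verified claims to the route callback through the shared request object.
    $request->set_param( 'jwt_claims', $claims );
    return true;
}

add_action( 'rest_api_init', function () {
    register_rest_route( 'jwt-auth/v1', '/sci', array(
        'methods'             => 'POST',
        'permission_callback' => 'sci_jwt_permission_callback',
        'callback'            => function ( WP_REST_Request $request ) {
            // Only reached after sci_jwt_permission_callback returned true.
            $claims = $request->get_param( 'jwt_claims' );
            return rest_ensure_response( array(
                'transaction_id' => sanitize_text_field( $request->get_param( 'transaction_id' ) ),
                'user_id'        => $claims['data']['user']['id'] ?? null, // plugin claim layout (assumption)
            ) );
        },
    ) );
} );
```

Returning a WP_Error from permission_callback is what makes WordPress answer with the error's status instead of running the handler, which is why the checks belong there rather than after a print_r in the callback. If get_header( 'authorization' ) comes back empty even though the client sends it, check whether the web server is dropping the Authorization header before PHP sees it; the plugin's documentation covers the Apache rewrite needed for that.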

Tags: WP rest api endpoint protection using jwt token