Hello everyone,
I’m working with the Simple JWT Login plugin on a WordPress project, and I’ve encountered an issue with the password reset functionality. Below is a detailed description of the problem and what I’ve attempted so far:
Problem Description
When attempting to reset a password via the plugin’s REST endpoint, I always receive a success response ({"success":true,"message":"User Password has been changed."}) regardless of whether the request is processed correctly or not. The response does not reflect the actual state of the operation, and the user’s password is not updated.
I’m using the following curl command to make the PUT request:
curl -v --location --request PUT 'https://aws.domain.com/wp/?rest_route=%2Fsimple-jwt-login%2Fv1%2Fuser%2Freset_password' \
  --header 'Content-Type: application/json' \
  --data-raw '{ "email": "[email protected]", "code": "moOx8Onxj79RX721sAIr", "new_password": "123456" }'
What I’ve Tried
Environment
Request for Help
Has anyone encountered a similar issue or have any idea what might be causing the password reset endpoint to always return a success response without actually changing the password? Any advice or suggestions would be greatly appreciated.
Thank you in advance for your help.

Hello, can you confirm if the token validity time is set from the page “Authentication”: /wp-admin/admin.php?page=main-page-simple-jwt-login-plugin, using the setting “JWT time to live”?
I tried to change, for example, to 1 minute, but the token does not seem to expire.
If not, where can I set this?
Thank you!

Is there a way to generate token and refresh token without user credentials?
I’m trying to implement a custom login method and I need to generate token and refresh token using user ID.
thanks.

Great plugin! I need only to get a way to set a length of reset password code. Right now it has 20 characters and is very complex. I need to set it more simple (length and type, like only letters, only numbers, or combinations…).
A workaround if this is not implemented yet.

Hello.
I have already a jwt token from simple-jwt-login/v1/auth endpoint.
However, when I sent the post request via simple-jwt-login/v1/auth/validate endpoint from postman, I get:
"success": false,
"data": {
"message": "Unable to find user property in JWT.",
"errorCode": 30
}
I have tried Bearer token and JWT Bearer. In the case of JWT Bearer, I write the secret key and the payload. I verified the token on https://jwt.io/ and everything is ok.
How to use this token on postman?
Thank you.

Hi Team,
When the Simple JWT plugin is enabled in my WordPress account, I am not able to use the WooCommerce mobile app and it shows the error message “Error fetching data”. Is there a way to resolve this issue?

I think it’s because bedrock uses bcrypt instead of md5….

The problem is that a single user can create so many JWTs, and all the JWTs will be valid within the specific time, and when we use a JWT to get a refresh token the older token is still alive and we get one more token.
I want to make it so that only a single token is alive at a time. And when I request a new token using the refresh token, I should get the new token but the older token should be auto-revoked once I get a new token. Please let me know if this can be done with existing settings or do I need to write custom code?

Hello, thanks for the good stuff.
I try to use it in network mode but it seems to be not working. When I update an option in a network site, it saves the data but does not update the dashboard as if it needs something more. Moreover, the Simple JWT import/export doesn’t see the Simple JWT module.
I changed the *_option by *_site_option in WordPressData but it doesn’t seem to be enough.
Have you got an idea?
Thanks a lot,
JC

Hello,
We are a bit inexperienced with all this and are not quite sure how it works or if we have set it up wrong.
We have followed the documentation and we think we are all set, however, we don’t know how to make the system take the variables (JWT, access data) for the autologin of the different users.
Do we have to create a script?
Does the plugin do it by itself?
Are we missing something?
Please give us some guidance.
Thank you very much.
Best regards

Facing “Wrong user credentials”. Authentication using email and password is showing this error. I am checking the endpoint mysite.com/wp-json/simple-jwt-login/v1/auth from Postman and facing the “Wrong user credentials” issue.

Hi, my site is flooded with these warnings from simple-jwt-login, I’m not sure why, does anyone know what could be the cause?
PHP Warning: Trying to access array offset on value of type bool in /var/www/html/app/wp-content/plugins/simple-jwt-login/src/Services/ProtectEndpointService.php on line 42
thanks

Hello Nicu,
Amazing plugin you developed.
In our current application setup, we have a two-factor authentication (2FA) system. However, I’ve noticed a potential security concern. When a user tries to authenticate via the /auth route, our system immediately generates a JWT token. This token can already be used to make API requests and perform CRUD operations without the 2FA process being completed.
My goal is to adjust this flow so that:
I’m contemplating creating a custom API route that uses wp_authenticate(). However, I’m unsure if there’s a Simple JWT hook that triggers right before the authentication process initializes. I’d like to leverage this hook to check the email verification code and, if valid, proceed with the authentication and JWT generation.
Could you advise on the feasibility of this approach or suggest any alternative methods to achieve this desired flow?
Thank you for your guidance.

I use the plugin with React. How can I update a user’s user meta? If I use the POST method with the endpoint https://website.com/wp-json/wp/v2/users/1 it gives me an error with a “rest_cannot_edit” message. Do I have to use the plugin endpoints? And which?

Is it possible to both automatically create the user (if they don’t exist) and auto-login the user with just an email address?

First, thank you for this helpful plugin.
I was wondering if there is a function or public class in your plugin that is responsible for generating a JWT by just using user_id or user object?
I found the function in another plugin, but it does not provide all the functionality you guys do.
So I was wondering if there are any.
Thank you.

Hello,
I’ve integrated your simpleJWT plugin into a React Native mobile application I’ve developed, which shares the same database with a WordPress website.
I’ve encountered a specific issue with the registration API when using the password “fm3Rx:%5DT48p@6G”. It appears that the password stored in the database differs from the one provided during registration. My suspicion is that certain special characters in this password might be causing this inconsistency.
While attempts to authenticate via the WordPress site consistently fail with a ‘wrong password’ error, logging in through the simpleJWT API with the same credentials always succeeds. This behavior suggests there might be different handling or interpretation of this password between the WordPress authentication mechanism and the simpleJWT API.
I’d appreciate any guidance or support you can provide in resolving this issue.
Thank you!

Hi,
We are seeing an intermittent issue when using the auto-login call. Please see the video below. Any ideas or comments would be greatly appreciated.

Is there a way to set the user’s role when registering a user? If that’s not doable for some reason is there a way we should do it instead? Thanks!

Hi,
I have successfully integrated it with login & register functionality. I want to use it with a WooCommerce endpoint. When I called the WooCommerce endpoint, it showed the error { "code": "woocommerce_rest_cannot_view", "message": "Sorry, you cannot list resources.", "data": { "status": 403 } }. I have enabled the setting “All WordPress endpoints checks for JWT authentication”. I tried to pass the JWT token as header / as authorization, but this is not working. Any help?

Hello and thanks for your plugin.
I was wondering if there’s a way to reset the user email and username the same way we reset the password?
Or could I use some hook to complete this task?
Thank you.

I can’t seem to find any documentation about this on the plugin website, but does this plugin make it possible to pass an authenticated session via JWT token along with wp-json GET calls in order to retrieve protected post contents?
It seems like the only thing I can accomplish with this plugin is to authenticate and then redirect to a rendered HTML page, or else retrieve a general “success” json payload. If I add the bearer token to a regular wp-json call, protected post contents remain blocked as if the user is not authenticated at all.
Am I missing something? Thanks.

Hi,
On the local environment all is OK. But on staging I have a strange problem.
Authentication is OK with username and password and I receive a token, but when I use this token in the header as Bearer I get a strange error:
{
"code": "invalid_username",
"message": "<strong>Error:</strong> The username <strong>{\"typ\"</strong> is not registered on this site. If you are unsure of your username, try your email address instead.",
"data": null
}
Any ideas?

Hello,
I have a question about the following topic, “jsonwebtoken has insecure input validation in jwt.verify function”, see here:
https://github.com/advisories/GHSA-27h2-hvpr-p74q
…or here:
https://unit42.paloaltonetworks.com/jsonwebtoken-vulnerability-cve-2022-23529/
Is the plugin affected by this as well and if so, when will there be an update?
Best regards,
Ben

Hi Team,
I’m trying to populate user_meta which I’ve created with the ACF custom fields plugin but it’s not working.
Users are being created perfectly but it’s not populating the user_meta value.
"user_meta": {
"profile_pic_id": "ID HERE"
}
Can you help?

Is it possible to change or extend the login session of a user? Please advise

Hey
showing some critical errors while updating the plugin. Can you please check your last update?

Hi, we created a custom function in the theme function.php whereby we want to integrate this JWT login token into our email message.
Example email content is the URL link “permalink&jwttoken”; when the user clicks on the link, it will log them in directly and bring them to the page editor itself.
Right now our function is not able to get this jwtlogin token; we want to know which hook or function is able to do this?
$url = get_permalink( $post, false );
$token = 'MyTokenIsHere'; // insert JWT token generate function() here
$review_url = $url . '&JWT=' . urlencode_deep($token);

I have my custom login endpoint which logs in users using mobile number and OTP (rest_route=/rad/v1/otp-login).
I want a function from the simple-jwt-login plugin to generate a JWT.
Then I control user login in my custom endpoint and return this JWT if the user logged in with mobile and OTP successfully.
(The mobile number is stored in usermeta, like the Digits plugin. I mean that no email or password is required to log in.)
I also provide the below ways to log in:
– login with mobile number and otp.
– login with username and password.
– login with email and password.

Is there a way to customize the way errors are handled, so that if there is a signature error or the user doesn’t exist, the error can be displayed as HTML if the request is from a browser? So this way users don’t get stopped with a JSON error return code only on the page?
Thanks for this amazing plugin!