• Resolved ajfix

    (@ajfix)


    I’ve been using this plugin to log in users to our WordPress site with external accounts and it works like a charm.

    But one thing I can’t figure out is how to mimic the “Remember me” functionality that WordPress’s built-in login system has. Right now users are logged out after a pretty short duration, so I was hoping there was a way to keep them logged in for longer.

Viewing 4 replies - 1 through 4 (of 4 total)
  • Hi ajfix
    How are you persisting users? Are you storing the JWT in local storage and refreshing it if it’s expired? As I recall, under the default setting the JWT expires quickly (60 mins) but can be refreshed for up to 2 weeks. That’s set using the “refresh time to live” setting. And the endpoint by that setting is the endpoint you use to refresh expired tokens. Is that any help?

    T

    Thread Starter ajfix

    (@ajfix)

    That is useful, thank you for the response. We get the JWT token inside our app and refresh it from there when it expires (it expires in 60 minutes). In a couple places the user gets redirected to our website from the app and passes the JWT so they get automatically logged into the website.

    So is this plugin expiring the WordPress login when the token expires? My impression is that WordPress is using cookies to persist logins, so I’m hoping there might be a way to wait longer than the token’s lifetime.

    Hi
    Yes, if the JWT expires then the login expires. So I think the flow should go like this:

    Firstly, in the Simple JWT plugin settings on the Authentication tab let’s assume you have the default settings of:

    • JWT Time to Live = 60 (60 minutes until token expires)
    • Refresh Time to Live = 20160 (20160 minutes (two weeks) during which a token can be refreshed)

    So when a user logs in, a JWT is created and stored in localstorage.

    Whenever there is a need to communicate with the database, first the app needs to check if the JWT is valid – you do this by sending it to the “Validate JWT URL” endpoint as shown on the same authentication tab in the plugin settings.

    If that JWT is valid (i.e., it’s still within an hour of log in) then all good. If more than an hour has passed, and that validation therefore fails, the app must then attempt to refresh the JWT using the “Refresh JWT URL” endpoint in the same authentication tab in the plugin settings. If the original JWT is less than 2 weeks old, then a new JWT will be returned which can be stored in localstorage and thus the user is persisted longer than the 60 minute TTL. All of this can happen in the background, the user needn’t do anything.

    If the JWT was more than 2 weeks old, the app will have to direct the user to log in again manually.

    I don’t think I can put a link here, but if you search YouTube for “simple jwt plugin react” there is a video of the whole process in operation.

    Hope that helps!
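
The validate-then-refresh flow described in the reply above, as an added example that is not part of the original post or the plugin's own code. The two URLs are placeholders for the values shown on the plugin's Authentication tab, and the `{ ok, jwt }` response shape, the in-memory token store and the fake server are assumptions made so the flow runs offline.

```javascript
// Added example: URLs, response fields and the token store are assumptions.
const TTL_MIN = 60;            // "JWT Time to Live" default quoted in the thread
const REFRESH_TTL_MIN = 20160; // "Refresh Time to Live" default quoted in the thread
const URLS = { validate: 'VALIDATE_JWT_URL', refresh: 'REFRESH_JWT_URL' }; // placeholders

// Constructed stand-in for the two endpoints, driven by a fake clock in minutes.
function makeFakeServer(clock) {
  const issuedAt = new Map();
  const issue = () => { const t = `token-${issuedAt.size + 1}`; issuedAt.set(t, clock.minutes); return t; };
  async function transport(url, token) {
    if (!issuedAt.has(token)) return { ok: false };
    const age = clock.minutes - issuedAt.get(token);
    if (url === URLS.validate) return { ok: age < TTL_MIN };
    if (url === URLS.refresh && age < REFRESH_TTL_MIN) return { ok: true, jwt: issue() };
    return { ok: false };
  }
  return { login: issue, transport };
}

function makeStore() { // in-memory stand-in for localStorage so this runs under Node
  let value = null;
  return { get: () => value, set: (v) => { value = v; }, clear: () => { value = null; } };
}

// Validate; on failure try one refresh; if that fails, drop the token and re-login.
async function ensureSession(store, transport) {
  const token = store.get();
  if (!token) return { state: 'login-required' };
  if ((await transport(URLS.validate, token)).ok) return { state: 'valid', token };
  const refreshed = await transport(URLS.refresh, token);
  if (refreshed.ok && refreshed.jwt) {
    store.set(refreshed.jwt);
    return { state: 'refreshed', token: refreshed.jwt };
  }
  store.clear();
  return { state: 'login-required' };
}

// Three checks: 30 minutes after login, 2 hours later, then 15 days later.
async function demo() {
  const clock = { minutes: 0 }, server = makeFakeServer(clock), store = makeStore();
  store.set(server.login());
  const states = [];
  for (const advance of [30, 120, 15 * 24 * 60]) {
    clock.minutes += advance;
    states.push((await ensureSession(store, server.transport)).state);
  }
  return states;
}
```

`demo()` resolves to `['valid', 'refreshed', 'login-required']`. Against a real site, `transport` would be a `fetch` wrapper for the two URLs.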

    Thread Starter ajfix

    (@ajfix)

    Thank you for the explanation!

  • The topic ‘Remember login’ is closed to new replies.