User login via JWT from JWT Authentication for WP REST API Plugin?

Hi there,
I was able to get it working by using the same secret key. It turns out I needed to set the JWT paramter key to data instead data.user.id to access the user id.

Hi @lejager

I’m experiencing he same problem you were facing here, but in my case, setting the JWT parameter key to data.user.id hasn’t solved the problem.

Would you mind helping me?

On wp-config.php, I have several variables for JWT settings:

AUTH_KEY
SECURE_AUTH_KEY
LOGGED_IN_KEY
NONCE_KEY
AUTH_SALT
SECURE_AUTH_SALT
LOGGED_IN_SALT
NONCE_SALT
and
JWT_AUTH_SECRET_KEY

I know theses setting are working because a POST request to {base-url}/wp-json/jwt-auth/v1/token with a username and password brings a response with a token key…

…and I know this token value (JWT) is valid because:
– I can validate it by verifying its signature with ‘AUTH_KEY’ (AUTH_KEY_VALUE);
– I can decode it and its decoding brings:
– header: {
“typ”: “JWT”,
“alg”: “HS256”
}
– payload: {
“iss”: {base-url},
“iat”: 1585476672,
“nbf”: 1585476672,
“exp”: 1586081472,
“data”: {
“user”: {
“id”: “1247”
}
}
}

On Simple JWT Login Settings I defined:

– General tab:
– JWT Decryption Key / JWT decryption signature: JWT_AUTH_SECRET_KEY
– JWT Decrypt Algorithm: HS256

– Auth Codes tab:
– Auth Code URL Key: “auth_key”
– Auth Codes: AUTH_KEY

– Auth Codes tab:
– Allow Auto-Login as Yes
– Auto-Login Requires Auth Code: I’ve tried both “No” and “Yes” which brings different erros
– JWT Login Settings: I’ve tried both “Log in by Email” and “Log in by WordPress User ID”
– JWT parameter key: I’ve tried: data.user.id, user.id, id, etc, etc.. o difference

I’m trying to autologin via browser or Postman via GET request to:
– when Auto-Login Requires Auth Code: No => {base-url}?rest_route=/simple-jwt-login/v1/autologin&jwt=JWT
– its response is: {
“success”: false,
“data”: {
“message”: “Signature verification failed”,
“errorCode”: 11
}
}
– when Auto-Login Requires Auth Code: Yes => ?rest_route=/simple-jwt-login/v1/autologin&jwt=JWT&auth_key=AUTH_KEY_VALUE
– its response is: {
“success”: false,
“data”: {
“message”: “Invalid Auth Code ( auth_key ) provided.”,
“errorCode”: 27
}
}

Why AUTH_KEY_VALUE is said to be invalid if its its signature it verified?
What I doing wrong here?

Thank you very much.

Hey @nicolascorbellini

The key for me was setting it to Login by WordPress User Id and then putting data.user.id as the JWT parameter key. Also make sure your JWT_AUTH_SECRET_KEY is the same as the JWT Decryption Key in the plugin settings.

Hope that helps! Good luck

Hi @lejager

Thanks for the reply.

In the autologin URL, do you remember if you were able to login using JWT token only or JWT token and the Auth Code? Or it didn’t matter?

Thanks.

@nicolascorbellini sorry, don’t quite remember. I know I have one set up now, so it may have been necessary to make the log in work.