For some of your users, you may want to provide special services, products, or articles. Here you need to check whether those users have the right access. This is a scenario where a JSON Web Token (JWT) can be a good option. Generate a unique token for each user and check it when they try to reach those special services or products. If the token matches, authorize the user for the service.
Let’s see how we can set up JWT token authorization on WordPress. I’m assuming we’ve got a token saved in the options table under the auth_token key.
First, we’ll create a custom route that accepts POST requests. Then we’ll match the token when a request comes in on this route. If a match is found we’ll do something; otherwise we’ll send an error message.
So let’s create a custom route…
    function plugin_name_create_route() {
        add_action( 'rest_api_init', function() {
            register_rest_route( 'plugin_name/api', '/token/', array(
                'methods'             => 'POST',
                'callback'            => 'plugin_name_route_api',
                // The route itself is open; the token is checked inside the callback.
                'permission_callback' => '__return_true',
            ) );
        } );
    }
We can add a callback function in the register_rest_route arguments. When the user sends a request, that callback fires: it takes the request as a parameter and then sends a response. permission_callback is another required argument. It expects a function. You can decide who can access this route in permission_callback, or run other checks there.
Now let’s write that callback function…
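    function plugin_name_route_api( \WP_REST_Request $req ) {
        // Token saved in the options table (false if the option does not exist).
        $auth_token = get_option( 'auth_token' );
        // Header names are lower-cased keys; each value is an array of strings.
        $headers = $req->get_headers();
        // Fall back to an empty string when no Authorization header was sent.
        $token = isset( $headers['authorization'][0] ) ? $headers['authorization'][0] : '';
    }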
We can get the request headers from the get_headers method of the WP_REST_Request class. Then just check for a match with the token that we’ve saved in the database. If they don’t match, send status code 401. You can set the response status code with the WP_Error class. Otherwise, send a success message as the response.
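    // Inside plugin_name_route_api(), after $token has been read.
    // hash_equals() compares two strings strictly and in constant time,
    // so numeric-looking tokens are not treated as equal by type juggling.
    if ( ! is_string( $auth_token ) || '' === $auth_token
        || ! hash_equals( $auth_token, (string) $token ) ) {
        return new WP_Error( '401', esc_html__( 'Not Authorized', 'text_domain' ), array( 'status' => 401 ) );
    }
    // Return data, not a JSON string: the REST server encodes the response itself.
    return rest_ensure_response( array( 'message' => 'Successfully Authenticated…' ) );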
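The same check can live in permission_callback, so WordPress rejects the request before the route callback runs. This is an added example, not the original post's code: the helper names plugin_name_extract_token and plugin_name_check_token are hypothetical, and accepting an optional "Bearer " prefix in the header is an assumption.

```php
<?php
// Added example: token check moved into permission_callback.

// Return the token from the Authorization header, or null if none was sent.
// Accepts "Bearer <token>" (assumed) or the bare token the post's code reads.
function plugin_name_extract_token( WP_REST_Request $req ) {
	$header = $req->get_header( 'authorization' ); // null when the header is absent
	if ( ! is_string( $header ) ) {
		return null;
	}
	$header = trim( $header );
	if ( 0 === stripos( $header, 'Bearer ' ) ) {
		$header = trim( substr( $header, 7 ) );
	}
	return '' === $header ? null : $header;
}

// permission_callback: true allows the request, a WP_Error rejects it.
function plugin_name_check_token( WP_REST_Request $req ) {
	$stored = get_option( 'auth_token' ); // false when the option is not set
	$sent   = plugin_name_extract_token( $req );

	// Fail closed: a missing or empty stored token must never match anything.
	if ( ! is_string( $stored ) || '' === $stored || null === $sent
		|| ! hash_equals( $stored, $sent ) ) {
		return new WP_Error(
			'rest_forbidden',
			esc_html__( 'Not Authorized', 'text_domain' ),
			array( 'status' => 401 )
		);
	}
	return true;
}

add_action( 'rest_api_init', function () {
	register_rest_route( 'plugin_name/api', '/token/', array(
		'methods'             => 'POST',
		// Only reached when plugin_name_check_token() returned true.
		'callback'            => function () {
			return rest_ensure_response( array( 'message' => 'Successfully Authenticated' ) );
		},
		'permission_callback' => 'plugin_name_check_token',
	) );
} );
```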