[WordPress] Plugin Share: WP Login and Register using JWT


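Introduction

  • The WordPress plugin "WP Login and Register using JWT" was published on 2021-09-12.
  • It currently has 200 active installations.
  • It was last updated on 2025-02-17, 75 days ago.
  • The plugin requires WordPress 3.0.1 or later.
  • The plugin requires the host to run PHP 5.6 or later.
  • 4 people have rated it.
  • There is currently 1 question on the forum, with a resolution rate of 0%.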

Plugin contributors

cyberlord92 |

Plugin tags

api | jwt | login | json web token | Single Sign-on |

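Description

WordPress Login and Register using JWT is a plugin that lets you log in to a WordPress application (WordPress Single Sign-On) using a JWT token (JSON Web Token) from another WordPress site or from other applications/platforms, including mobile applications.

WordPress Single Sign-On (SSO), also called WordPress SSO, lets you log in to WordPress using the login credentials of other platforms.

WordPress Single Sign-On / SSO using JWT (JSON Web Token)
WordPress Single Sign-On with JWT lets you log in to a WordPress site using a user-based JWT token obtained externally.
JWT token authentication is one of the most popular authentication methods today, because it is a secure and lightweight protocol. A JWT token can be obtained when a user logs in to another platform via the OAuth/OpenID protocol, or it can be created explicitly using the user information and secure algorithms.
With this plugin, you can easily use a user-based JWT token to log users in without asking them to authenticate again.

Let's take an example: suppose you have a WordPress site and a mobile application. If you are already logged in to the mobile application and then try to access the WordPress site, the WordPress site asks you to log in again to access particular content, which is not feasible. With JWT SSO (JWT Single Sign-On), you can create a JWT token for the user who is already logged in to the mobile application and pass that JWT token when accessing the WordPress site; the token is used to authenticate and automatically log in to the WordPress site, so the login credentials do not need to be entered again.

This plugin provides a REST API endpoint (/wp-json/api/v1/mo-jwt) that, when requested with a valid username and password in the body, returns a JWT token that can be used to log in to the WordPress site automatically.

This plugin also provides a way to securely register (create) users in WordPress through the registration API endpoint the plugin provides. After the user is registered successfully, the API returns the registered user's JWT token in the response, which can then be used to log in to WordPress or other platforms.

Deleting users from WordPress through an API endpoint is also available: pass that user's JWT token in the request body to delete the user.

We support various types of JWT tokens (access token / ID token) that may be obtained from OAuth/OpenID providers (such as Microsoft Azure AD, Azure B2C, Okta, Keycloak, ADFS, AWS Cognito, Google, Facebook, Apple, Discord) and popular applications such as Firebase.

WordPress Single Sign-On / SSO using JWT can be done from other platforms and applications, including mobile applications (Android or IOS) and applications built with other programming languages (such as .NET, JAVA, PHP, JS and so on).

If you are looking to implement WordPress Single Sign-On (SSO) in WordPress using an external OAuth/OpenID provider (such as Microsoft Azure AD, Azure B2C, Office 365, AWS Cognito, Okta, Keycloak, Discord, ADFS, WS02, Strava, Slack, Google, Facebook, Apple, LinkedIn and so on), so that your users only need to enter the application credentials of their OAuth/OpenID provider to log in to WordPress, we already have another great and widely popular plugin: WordPress OAuth Single Sign-On: SSO (OAuth Client).

Original plugin description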

The WordPress Login and Register using JWT plugin allows you to log in (Single Sign-On) into your WordPress application using the JWT token(JSON Web token) obtained from any other WordPress site or other applications/platforms including mobile applications. This helps users perform autologin to WordPress and synchronize user sessions without the need to log in again.
WORDPRESS SINGLE SIGN-ON / SSO ( LOGIN INTO WORDPRESS )
WordPress Single Sign-On SSO also simply called WordPress SSO allows you to login into WordPress using the credentials of other platforms. So, the user will just use a single set of credentials to log in to multiple applications.
WordPress Single Sign-On / SSO using JWT(JSON Web Token)
WordPress Single Sign-On (SSO) with JWT allows you to log into the WordPress site using the user-based JWT token obtained externally when the user authenticates for the first time in any connected external application.
The JWT token authentication is the most popular way of authentication nowadays as it is a secure and lightweight protocol. The JWT token can be obtained either when a user logs into other platforms via OAuth/OpenID Connect protocol or can be created explicitly using the user information and secure algorithms.
With this plugin, you can easily use the user-based JWT token to log a user in rather than asking them to authenticate again.
Let’s take an example: suppose you have a WordPress site and a mobile app. If you are logged into the mobile app and then try to access the WordPress site, the site asks you to log in again before showing the particular content, which is not feasible. With JWT SSO (JWT Single Sign-On), you can create a JWT token for the user who is already logged into the mobile app and pass that token in the request when accessing the WordPress site; the same user is then authenticated and automatically logged in to the WordPress site without entering the credentials again.
It supports possibly all kinds of JWT tokens (access-token/id-token) obtained from OAuth/OpenID Connect providers like AWS Cognito, Microsoft Azure AD, Azure B2C, Okta, Keycloak, ADFS, Google, Facebook, Apple, Discord and popular applications like Firebase.
WordPress login using the JWT also called JWT SSO (Single Sign-On) can be done from other platforms and applications including mobile apps (android or IOS), an app built with other programming languages like .NET, JAVA, PHP, JS etc.
Major functionalities
WordPress Login Endpoint to create user-based JWT token
Plugin provides the following API endpoint, which can be used to authenticate WordPress users and returns a user-based JWT which can be used to create login sessions in WordPress and other external applications.
/wp-json/api/v1/mo-jwt

WordPress Login using JWT
This feature provides a way to auto-login users in WordPress using JWT obtained in a very secure way either via passing JWT token in the URL as a parameter, in the request header or shared via secured cookies.
WordPress user register API endpoint to create users in WordPress using API
This feature provides the following API endpoint to create users in WordPress in an easy way and on successful user registration, you will receive a JWT token in the response which can be used further for user login and WordPress REST API authorization.
wp-json/api/v1/mo-jwt-register

Delete/Remove users from WordPress using the user-based JWT token (JSON Web Token)
This feature provides an API endpoint using which you can pass the JWT token and can easily delete the user and revoke access.
wp-json/api/v1/mo-jwt-delete

More details for the plugin setup can be checked from here.
USE CASES

Login to External applications using WordPress credentials
If you are looking to authenticate your WordPress users to log in to external applications, then our plugin provides a login API endpoint using which you can easily authenticate WordPress users and can log in the users to those applications.

Single Sign-On Users using the JWT token provided by OAuth/OpenID providers
This WordPress login and register using the JWT plugin supports the WordPress Single Sign On (WordPress SSO) or WordPress login using the user-based JWT token (id-token/access-token) provided by the external OAuth/OpenID Connect providers (like Microsoft Azure AD, Azure B2C, AWS Cognito, Keycloak, Okta, ADFS, Google, Facebook, Apple, Discord and many more..) on login in some other sites/applications using their credentials.
So, the user just needs to log in once on any other site/platform; the JWT token these providers issue for that user is then used securely to autologin on other platforms.

Automatic WordPress login and site access from mobile app web view | Synchronize WordPress session in the mobile app web view
Suppose you have a mobile application and want to allow users to access their WordPress site content in the mobile app web view which requires a login so asking the users to enter the credentials again won’t be a good user experience. So, our JWT login plugin provides a solution to you in which the user session from the mobile app can be synchronized with the WordPress site and the user can seamlessly access the WordPress site using the user-based JWT token without the need for a WordPress login again.

Automatic session synchronization between WordPress and other applications built on React, Node, Next JS, Flutter, Angular, Java, PHP, and C# ….
Suppose you have a WordPress site connected to an external application built on any framework, and you want a user who is logged in to one application to be automatically logged in to the other as well. This can be easily achieved using the secure JWT.

Session sharing between WordPress and other applications sharing the same subdomain (hosted on the same domain)
Suppose you have a WordPress site and other applications hosted on the same subdomain. If the user logs in to any one application, they can be auto-logged into the other connected applications on that domain using secure cookie-based JWT token sharing.
an pass the new user details like username, email, name and password(optional), role etc. in the request body and on successful response, your user will get created and the corresponding user-based JWT will be received and the appropriate error response will be returned on the failure.

Sync user login sessions between multiple platforms (Session sharing)
If you have a WordPress site and other applications sharing the same subdomain, and you want a user who has logged into one site (WordPress or another) to be logged in automatically when accessing the other site in the same browser (that is, the user session is synchronized), this is possible with our plugin’s JWT cookie-based session-sharing feature.

Features
FREE PLAN
Create JWT feature

Login API endpoint to authenticate WordPress users based on username/email and password
Supports the JWT token generation using the HS256 signing algorithm.
JWT token signing with randomly generated secret signing key.
Default JWT token expiration is 60 minutes.

User Registration feature

Provide an API endpoint for user registration with the default subscriber role.
Provide a user-based JWT token in the success response.
No Extra Security key for user registration API.

User Deletion feature

Provide an API endpoint for user deletion with JWT token validation using the HS256 signing algorithm.
No Extra Security key for user deletion API.

User login feature

Allows WordPress login (SSO) using a user-based JWT token with HS256 signing created using the plugin’s Create JWT feature.
Retrieve the JWT token from the URL parameter to allow auto-login.
Auto redirection on login to the homepage or on the same page/URL from where the autologin is initiated.
Default Subscriber role is assigned on login using JWT.

PREMIUM PLAN
Create JWT feature

Supports JWT token generation using HS256 and the more secure RS256 signing algorithm.
JWT token signing with a custom secret signing key or certificate.
Custom token expiration to expire the token as per your requirement to improve security.
Custom JWT token decryption key.
Revoke and invalidate existing user JWT token whenever a new JWT token is generated for a user.

User Registration feature

Provide an API endpoint for user registration with a custom role.
Provide a user-based JWT token in the success response.
Extra Security key for user registration API endpoint.

User Deletion feature

Provide an API endpoint for user deletion with JWT token validation using the HS256 signing algorithm.
Extra Security key for user deletion API.

User login feature

Allows WordPress login (SSO) using a user-based JWT with HS256 signing created either using the plugin’s Create JWT feature or a JWT token obtained from an external source.
Allows WordPress login using a user-based JWT with RS256 signing validation.
Allows WordPress login using a user-based JWT with JWKS token validation support.
Allows WordPress login using a user-based JWT obtained from an external OAuth/OpenID Connect provider.
Retrieve the JWT token from the URL parameter, request header and cookie to allow auto-login between platforms.
Auto redirection on login to the homepage or on the same page/URL from where the autologin is initiated.
Auto redirection on login to any custom URL.
User Attribute/Profile mapping on SSO login.
Option to assign any WordPress role rather than default subscriber on SSO login.
Automatic role and group Mapping to the user who performs SSO using a JWT token.
SSO Login Audit feature to track the users who perform login using the JWT token.
Add-On to share the user session to other applications using the JWT token stored in the cookie

Other Related Integrations
OAuth Single Sign On – SSO (OAuth Client) – This plugin allows Single Sign On – SSO login in your WordPress site using external OAuth 2.0, OpenID Connect Providers
SAML Single Sign On – SSO Login – This plugin allows Single Sign On – SSO login in your WordPress site using external SAML, WS-FED Providers
WordPress REST API Authentication – This plugin protects your WordPress REST API endpoints from unauthorized access using secure OAuth 2.0, JWT authentication, Basic authentication, Bearer API Key token and even more.
Privacy
This plugin does not store any user data. This plugin uses login.xecurify.com for registration as miniOrange uses login.xecurify.com if the user chooses to register and upgrade to premium. If the user does not want to register then he can continue using the free plugin. (Link to the privacy policy – https://www.miniorange.com/privacy-policy.pdf )

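Downloads for each version

  • Method 1: Click a version number link below to download the ZIP file, log in to the site admin, go to "Add New Plugin" under "Plugins" in the left menu, choose "Upload Plugin" at the top, and upload the downloaded ZIP package to install and activate it.
  • Method 2: Use the search box on the right side of the "Add New Plugin" screen to search for the plugin name "WP Login and Register using JWT" and install it.

(Method 2 is recommended, to ensure the installed version matches the WordPress environment currently running.)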


1.0.0 | 2.1.1 | 2.1.2 | 2.2.0 | 2.3.0 | 2.4.0 | 2.5.0 | 2.6.0 | 2.7.0 | 2.8.0 | 2.9.0 | trunk |

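Related plugins (you may also want to know about)

  • JWT Authentication for WP REST API 》This plugin extends the WP REST API using JSON Web Tokens (JWT) as the authentication method. JSON Web Tokens are an open, industry-standard method for securely transmitting claims between two parties. ...
  • WordPress REST API Authentication 》By default, WordPress REST API endpoints are loose endpoints, and attackers can use them to control your site remotely. You do not want attackers to use WordPress login, WordPress registration or any other endpoint to gain...
  • JWT Auth – WordPress JSON Web Token Authentication 》WordPress JSON Web Token Authentication lets you authenticate to the REST API with a token. It is a simple, uncomplicated and easy-to-use plugin. In WordPress, this plugin is probably...
  • Simple JWT Login – Allows you to use JWT on REST endpoints. 》Simple JWT Login is a free WordPress plugin that lets you use JWT on WordPress REST endpoints. It lets you log in, register, authenticate, delete and change user passwords with JWT. ...
  • Firebase Authentication 》The Firebase Authentication plugin lets you log in to a WordPress site, including through Single Sign-On (SSO), using Firebase user login credentials or social login. Firebase Authentication uses the default WordPress login...
  • API Bearer Auth 》The API Bearer Auth plugin enables authentication for the REST API using JWT access and refresh tokens. After a user logs in, the access and refresh tokens are returned and can be used for the next request. The issued...
  • CoCart JWT Authentication 》- A free add-on for CoCart that lets you authenticate with a simple JWT token. - Enable the PHP HTTP Authorization header - Most shared hosts disable the HTTP Authorization header by default. - To enable this option, you need to...
  • Auto Login with Cloudflare 》Enable a Cloudflare Access self-hosted application to protect your /wp-admin folder. Add your authorization domain and target site settings from Cloudflare Access. If the user's e-mail address matches, ...
  • User Data Fields For JWT Authentication 》The original description is incomplete; the remaining content is missing.
  • Simple REST API Authenticaton with WooCommerce Credentials 》Introducing our new Simple REST API Authentication WordPress plugin, a solution for seamless integration between your site and external applications. This plugin lets you use basic authentication...
  • Ultimate WP REST API 》A wonderful WordPress plugin that extends the WordPress APIs, such as menus, featured images, JWT authentication and caching... All APIs are tested and used in EGANY's applications; you...
  • JWT Single Sign On 》This plugin lets you log users in to WordPress through a JSON Web Token (JWT). It is used to let users from other sites, services and so on securely log in to WordPress with their credentials...
  • REST API Authentication and Security 》Summary: WordPress REST APIs can be used for a variety of integrations, but they are not secured by default, which can lead to security issues and data leaks. Adding an authentication layer is a simple way to ensure the API is protected from unauthorized access...
  • JWT Authenticator 》This plugin integrates JWT authentication and automatically creates user accounts. It was developed for AAF Rapid Connect but can also be used with other providers. Here is how this plugin works: Use the command ...
  • GS JWT Authentication for WP REST API 》:, {, "message": "OTP is Successfully Send to your Mobile Number." , }, , , Verify otp by billing mobile number, , Request method:, POST /wp-j...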
