  • Language
    PHP
  • License
    GNU General Publi...
  • Created over 7 years ago
  • Updated 11 months ago

Authentication for WPGraphQL using JWT (JSON Web Tokens)

WPGraphQL JWT Authentication

This plugin extends the WPGraphQL plugin to provide authentication using JWT (JSON Web Tokens).

JSON Web Tokens are an open, industry standard RFC 7519 method for representing claims securely between two parties.

This plugin was initially based off the wp-api-jwt-auth plugin by Enrique Chavez (https://github.com/Tmeister), but modified (almost completely) for use with the WPGraphQL plugin.

Install, Activate & Setup

You can install and activate the plugin like any WordPress plugin. Download the .zip from GitHub and add it to your plugins directory, then activate.

JWT uses a Secret defined on the server to sign tokens and to validate their signatures.

It's recommended that you use something like the WordPress Salt generator (https://api.wordpress.org/secret-key/1.1/salt/) to generate a Secret.

You can define a Secret like so:

define( 'GRAPHQL_JWT_AUTH_SECRET_KEY', 'your-secret-token' );

Or you can use the filter graphql_jwt_auth_secret_key to set a Secret like so:

add_filter( 'graphql_jwt_auth_secret_key', function() {
  return 'your-secret-token';
});

This Secret is used in the encoding and decoding of the JWT. If the Secret is ever changed on the server, ALL tokens that were generated with the previous Secret become invalid. So, if you want to invalidate all user tokens, change the Secret on the server: every previously issued token becomes invalid and users are required to re-authenticate.

HTTP_AUTHORIZATION

In order to use this plugin, your WordPress environment must support the HTTP_AUTHORIZATION header. In some cases, this header is not passed to WordPress because of some server configurations.

Depending on your particular environment, you may have to research how to enable these headers, but in Apache, you can do the following in your .htaccess:

SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1

For NGINX, this may work: https://serverfault.com/questions/511206/nginx-forward-http-auth-user#answer-511612

How the Plugin Works

Login User

This plugin adds a new login mutation to the WPGraphQL Schema.

This can be used like so:

Input-Type: LoginUserInput!

mutation LoginUser {
  login( input: {
    clientMutationId: "uniqueId",
    username: "your_login",
    password: "your password"
  } ) {
    authToken
    user {
      id
      name
    }
  }
}

The authToken received in response to the login mutation can then be stored in local storage (or similar) and sent in subsequent requests as an HTTP Authorization header to authenticate the user before the GraphQL request is executed.

Register User

Input-Type: RegisterUserInput!

mutation RegisterUser {
  registerUser(
    input: {
      clientMutationId: "uniqueId",
      username: "your_username",
      password: "your_password",
      email: "your_email"
    }
  ) {
    user {
      jwtAuthToken
      jwtRefreshToken
    }
  }
}

Refresh Auth Token

Input-Type: RefreshJwtAuthTokenInput!

mutation RefreshAuthToken {
  refreshJwtAuthToken(
    input: {
      clientMutationId: "uniqueId",
      jwtRefreshToken: "your_refresh_token"
    }
  ) {
    authToken
  }
}
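
An added example, not code from the plugin's repository: a minimal JavaScript client for the login and refreshJwtAuthToken mutations above. It holds both tokens in memory (localStorage is readable by any script running on the page) and refreshes the auth token shortly before it expires. The Bearer scheme, the exp claim, the jwtRefreshToken field on the login payload's user, and the send transport are assumptions.

```javascript
// Added example, not plugin code. Assumed: Bearer scheme, `exp` claim in seconds,
// login's `user` exposing jwtRefreshToken, and the `send(body, headers)` transport.
const LOGIN = `mutation Login($input: LoginUserInput!) {
  login(input: $input) { authToken user { jwtRefreshToken } }
}`;
const REFRESH = `mutation Refresh($input: RefreshJwtAuthTokenInput!) {
  refreshJwtAuthToken(input: $input) { authToken }
}`;

// Read `exp` without verifying the signature (only the server holds the Secret).
// The value schedules a refresh; it is never used for a trust decision.
function tokenExpiry(jwt) {
  const b64 = jwt.split(".")[1].replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(atob(b64.padEnd(Math.ceil(b64.length / 4) * 4, "="))).exp;
}
function needsRefresh(jwt, nowSeconds, skewSeconds = 30) {
  return !jwt || tokenExpiry(jwt) - skewSeconds <= nowSeconds;
}

// Constructed sample token for offline runs: unsigned, carries only `exp`.
function fakeJwt(exp) {
  return ["e30", btoa(JSON.stringify({ exp })).replace(/=+$/, ""), "sig"].join(".");
}

class JwtSession {
  constructor(send, now = () => Math.floor(Date.now() / 1000)) {
    this.send = send; // resolves to the parsed GraphQL response
    this.now = now;
    this.authToken = this.refreshToken = null; // held in memory only
  }
  async mutate(query, input) {
    // Credentials travel as variables, never interpolated into the query text.
    const res = await this.send({ query, variables: { input } }, {});
    if (res.errors) throw new Error(res.errors[0].message);
    return res.data;
  }
  async login(username, password) {
    const data = await this.mutate(LOGIN, { clientMutationId: "login", username, password });
    this.authToken = data.login.authToken;
    this.refreshToken = data.login.user.jwtRefreshToken;
  }
  async request(query, variables = {}) {
    if (needsRefresh(this.authToken, this.now())) {
      const input = { clientMutationId: "refresh", jwtRefreshToken: this.refreshToken };
      this.authToken = (await this.mutate(REFRESH, input)).refreshJwtAuthToken.authToken;
    }
    return this.send({ query, variables }, { Authorization: `Bearer ${this.authToken}` });
  }
}
```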

Filters

The plugin offers some filters to hook into.

Change Auth Token expiration

Note: For security, we highly recommend that the Auth Token be short-lived. Do not set this higher than 300 seconds unless you know what you are doing.

function custom_jwt_expiration( $expiration ) {
    return 60;
}

add_filter('graphql_jwt_auth_expire', 'custom_jwt_expiration', 10);

  • Argument: Expiration in seconds
  • Default: 300
