Open-source software name: wp-graphql/wp-graphql-jwt-authentication
Open-source software URL: https://github.com/wp-graphql/wp-graphql-jwt-authentication
Open-source programming language: PHP 92.4%
Open-source software introduction:

WPGraphQL JWT Authentication

This plugin extends the WPGraphQL plugin to provide authentication using JWT (JSON Web Tokens).

JSON Web Tokens are an open, industry standard RFC 7519 method for representing claims securely between two parties.

This plugin was initially based off the

Install, Activate & Setup

You can install and activate the plugin like any WordPress plugin. Download the .zip from GitHub and add to your plugins directory, then activate.

JWT uses a Secret defined on the server to validate the signing of tokens.

It's recommended that you use something like the WordPress Salt generator (https://api.wordpress.org/secret-key/1.1/salt/) to generate a Secret.

You can define a Secret like so:
Or you can use the filter
This secret is used in the encoding and decoding of the JWT token. If the Secret were ever changed on the server, ALL tokens that were generated with the previous Secret would become invalid. So, if you wanted to invalidate all user tokens, you can change the Secret on the server and all previously issued tokens would become invalid and require users to re-authenticate.

HTTP_AUTHORIZATION

In order to use this plugin, your WordPress environment must support the HTTP_AUTHORIZATION header. In some cases, this header is not passed to WordPress because of some server configurations.

Depending on your particular environment, you may have to research how to enable these headers, but in Apache, you can do the following in your
For NGINX, this may work: https://serverfault.com/questions/511206/nginx-forward-http-auth-user#answer-511612

How the plugin Works

Login User

This plugin adds a new

This can be used like so:

Input-Type:

mutation LoginUser {
  login( input: {
    clientMutationId: "uniqueId",
    username: "your_login",
    password: "your password"
  } ) {
    authToken
    user {
      id
      name
    }
  }
}

The

Register User

Input-Type:

mutation RegisterUser {
  registerUser(
    input: {
      clientMutationId: "uniqueId",
      username: "your_username",
      password: "your_password",
      email: "your_email"
  }) {
    user {
      jwtAuthToken
      jwtRefreshToken
    }
  }
}

Refresh Auth Token

Input-Type:

mutation RefreshAuthToken {
  refreshJwtAuthToken(
    input: {
      clientMutationId: "uniqueId"
      jwtRefreshToken: "your_refresh_token",
  }) {
    authToken
  }
}

Filters

The plugin offers some filters to hook into.

Change Auth Token expiration

Note: For security, we highly recommend that the Auth Token is short-lived. So do not set this higher than 300 seconds unless you know what you are doing.

// Override the Auth Token expiration through the graphql_jwt_auth_expire filter.
function custom_jwt_expiration( $expiration ) {
    return 60;
}
add_filter('graphql_jwt_auth_expire', 'custom_jwt_expiration', 10);
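
The two points made above, that changing the Secret invalidates every previously issued token and that a short expiration bounds how long a token stays usable, shown on a generic HS256 JWT. This is an added example, not the plugin's own code; the function names, the secrets, the `sub` claim and the choice of HS256 are assumptions made for illustration.

```php
<?php
// Added illustration of a generic HS256 JWT; NOT the plugin's implementation.
// Function names, secrets and claims are constructed for this example.
function b64url(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

function issue_token(array $claims, string $secret, int $ttl, int $now): string {
    $header  = b64url(json_encode(['typ' => 'JWT', 'alg' => 'HS256']));
    $payload = b64url(json_encode($claims + ['iat' => $now, 'exp' => $now + $ttl]));
    $sig     = b64url(hash_hmac('sha256', "$header.$payload", $secret, true));
    return "$header.$payload.$sig";
}

// Returns the claims array on success, or a string naming why it was rejected.
function verify_token(string $jwt, string $secret, int $now) {
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) {
        return 'malformed';
    }
    [$header, $payload, $sig] = $parts;
    $head = json_decode(base64_decode(strtr($header, '-_', '+/')), true);
    // Pin the algorithm; the token must not choose how it gets verified.
    if (!is_array($head) || ($head['alg'] ?? null) !== 'HS256') {
        return 'unexpected alg';
    }
    // Recompute the MAC with the server's current secret, compare in constant time.
    $expected = b64url(hash_hmac('sha256', "$header.$payload", $secret, true));
    if (!hash_equals($expected, $sig)) {
        return 'bad signature';
    }
    $claims = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);
    if (!is_array($claims) || !isset($claims['exp']) || $now >= $claims['exp']) {
        return 'expired or missing exp';
    }
    return $claims;
}

$old_secret = 'constructed-secret-A'; // placeholder; use a long random value
$new_secret = 'constructed-secret-B'; // the server's Secret after it is changed
$t0    = 1700000000;                  // fixed clock so the run is repeatable
$token = issue_token(['sub' => 'user-1'], $old_secret, 300, $t0);

// Case 1: inside the 300-second lifetime, Secret unchanged.
var_dump(verify_token($token, $old_secret, $t0 + 10));
// Case 2: same token and Secret, one second past the lifetime.
var_dump(verify_token($token, $old_secret, $t0 + 301));
// Case 3: same token inside its lifetime, after the Secret was changed.
var_dump(verify_token($token, $new_secret, $t0 + 10));
```

Only the first case yields claims: the signature check runs before the expiry check, so a token signed under the old Secret is rejected regardless of how much lifetime it has left.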

Example using GraphiQL