wp-graphql / Wp Graphql Jwt Authentication

Licence: gpl-3.0
Authentication for WPGraphQL using JWT (JSON Web Tokens)

Projects that are alternatives of or similar to Wp Graphql Jwt Authentication

Django Graphql Social Auth
Python Social Auth support for Graphene Django
Stars: ✭ 90 (-47.67%)
Mutual labels:  graphql, jwt
Wp Graphql Yoast Seo
This is an extension to the WPGraphQL plugin for Yoast SEO
Stars: ✭ 120 (-30.23%)
Mutual labels:  graphql, wordpress-plugin
Auth Module
auth.nuxtjs.org
Stars: ✭ 1,624 (+844.19%)
Mutual labels:  jwt, auth
App
Reusable framework for micro services & command line tools
Stars: ✭ 66 (-61.63%)
Mutual labels:  graphql, jwt
Apollo Universal Starter Kit
Apollo Universal Starter Kit is an SEO-friendly, fully-configured, modular starter application that helps developers to streamline web, server, and mobile development with cutting-edge technologies and ultimate code reuse.
Stars: ✭ 1,645 (+856.4%)
Mutual labels:  graphql, auth
Foal
Elegant and all-inclusive Node.Js web framework based on TypeScript. 🚀.
Stars: ✭ 1,176 (+583.72%)
Mutual labels:  jwt, auth
Nextjs Headless Wordpress
🔥 Nextjs Headless WordPress
Stars: ✭ 110 (-36.05%)
Mutual labels:  graphql, jwt
Hapi Auth Keycloak
JSON Web Token based Authentication powered by Keycloak
Stars: ✭ 29 (-83.14%)
Mutual labels:  jwt, auth
Springboot Restful Angular
A back-office management system with separated front end and back end, built with Spring Boot, RESTful, JWT and Angular 4
Stars: ✭ 121 (-29.65%)
Mutual labels:  graphql, jwt
Netcoreblockly
.NET Core API to Blockly - generate from WebAPI, Swagger, OData, GraphQL =>
Stars: ✭ 121 (-29.65%)
Mutual labels:  graphql, jwt
Idtoken Verifier
Lightweight RSA JWT verification
Stars: ✭ 52 (-69.77%)
Mutual labels:  jwt, auth
Pop
Monorepo of the PoP project, including: a server-side component model in PHP, a GraphQL server, a GraphQL API plugin for WordPress, and a website builder
Stars: ✭ 160 (-6.98%)
Mutual labels:  graphql, wordpress-plugin
Example Auth
User auth, session & JWT example for ReactQL
Stars: ✭ 51 (-70.35%)
Mutual labels:  graphql, jwt
Authex
Authex is an opinionated JWT authentication and authorization library for Elixir.
Stars: ✭ 73 (-57.56%)
Mutual labels:  jwt, auth
Slim3 Jwt Auth Example
Server side implementation example of JWT (JSON Web Token) authentication using Slim3
Stars: ✭ 45 (-73.84%)
Mutual labels:  jwt, auth
Nestjs Graphql
nest-js starter which implement graphql module
Stars: ✭ 111 (-35.47%)
Mutual labels:  graphql, jwt
Hzdtf.foundation.framework
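A foundation framework system supporting the .NET and .NET Core platforms. Language: C#; DB support for MySql and SqlServer. Main features: abstract persistence and service layers that factor out basic business create/read/update/delete for reuse; a code generator that produces entities, persistence, services and MVC controllers from the DB; each layer depends on interfaces, and the corresponding implementation layers must be dependency-injected on the client using Autofac assemblies; AOP provides log tracing, transactions, model validation and more. Wraps and extends Autofac, Redis and RabbitMQ; DB access offers automatic master/slave access and Redis client partitioning. Particularly suited to management systems.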
Stars: ✭ 22 (-87.21%)
Mutual labels:  jwt, auth
Got Auth Service
A professional role-based-authorization(also supports resource and group) service with restful and graphql api for enterprise applications.
Stars: ✭ 12 (-93.02%)
Mutual labels:  graphql, auth
Graphql Directive Auth
GraphQL directive for handling auth
Stars: ✭ 120 (-30.23%)
Mutual labels:  graphql, auth
Twitter Clone With Graphql Reactnative
Stars: ✭ 155 (-9.88%)
Mutual labels:  graphql, jwt

WPGraphQL JWT Authentication

This plugin extends the WPGraphQL plugin to provide authentication using JWT (JSON Web Tokens).

JSON Web Tokens are an open, industry-standard (RFC 7519) method for representing claims securely between two parties.

This plugin was initially based off the wp-api-jwt-auth plugin by Enrique Chavez (https://github.com/Tmeister), but modified (almost completely) for use with the WPGraphQL plugin.

Install, Activate & Setup

You can install and activate the plugin like any WordPress plugin. Download the .zip from GitHub and add it to your plugins directory, then activate.

JWT uses a Secret defined on the server to validate the signing of tokens.

It's recommended that you use something like the WordPress Salt generator (https://api.wordpress.org/secret-key/1.1/salt/) to generate a Secret.

You can define a Secret like so:

define( 'GRAPHQL_JWT_AUTH_SECRET_KEY', 'your-secret-token' );

Or you can use the filter graphql_jwt_auth_secret_key to set a Secret like so:

add_filter( 'graphql_jwt_auth_secret_key', function() {
  return 'your-secret-token';
});

This Secret is used in the encoding and decoding of the JWT. If the Secret is ever changed on the server, ALL tokens that were generated with the previous Secret become invalid. So, if you want to invalidate all user tokens, change the Secret on the server: all previously issued tokens become invalid and users are required to re-authenticate.

HTTP_AUTHORIZATION

In order to use this plugin, your WordPress environment must support the HTTP_AUTHORIZATION header. In some cases, this header is not passed to WordPress because of some server configurations.

Depending on your particular environment, you may have to research how to enable these headers, but in Apache, you can do the following in your .htaccess:

SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1

For NGINX, this may work: https://serverfault.com/questions/511206/nginx-forward-http-auth-user#answer-511612

How the Plugin Works

Login User

This plugin adds a new login mutation to the WPGraphQL Schema.

This can be used like so:

Input-Type: LoginUserInput!

mutation LoginUser {
  login( input: {
    clientMutationId: "uniqueId",
    username: "your_login",
    password: "your password"
  } ) {
    authToken
    user {
      id
      name
    }
  }
}

The authToken received in response to the login mutation can then be stored in local storage (or similar) and sent in subsequent requests as an HTTP Authorization header, so that the user is authenticated before the GraphQL request is executed.

Register User

Input-Type: RegisterUserInput!

mutation RegisterUser {
  registerUser(
    input: {
      clientMutationId: "uniqueId",
      username: "your_username",
      password: "your_password",
      email: "your_email"
    }) {
    user {
      jwtAuthToken
      jwtRefreshToken
    }
  }
}

Refresh Auth Token

Input-Type: RefreshJwtAuthTokenInput!

mutation RefreshAuthToken {
  refreshJwtAuthToken(
    input: {
      clientMutationId: "uniqueId",
      jwtRefreshToken: "your_refresh_token"
    }) {
    authToken
  }
}
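
The login, authenticated-request and refresh steps above, tied together as a client-side session. This is an added example, not code from the plugin or its README. The endpoint URL, the "Bearer" header scheme, the injected fetch-compatible transport and the Session/tokenExpiry/sampleToken names are assumptions, and the refresh token is assumed to have been obtained already (for example from user.jwtRefreshToken).

```javascript
// Added example (not the plugin's code). ENDPOINT, the "Bearer" scheme and the
// injected fetch-compatible `transport` are assumptions made for illustration.
const ENDPOINT = "https://wp.example.test/graphql"; // placeholder URL
const REFRESH_MUTATION = `mutation Refresh($token: String!) {
  refreshJwtAuthToken(input: { clientMutationId: "refresh", jwtRefreshToken: $token }) { authToken }
}`;

// Read `exp` (seconds since epoch) from a compact JWT. No signature check here:
// the server verifies tokens; the client only needs to know when to refresh.
function tokenExpiry(jwt) {
  const parts = String(jwt).split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT");
  const claims = JSON.parse(atob(parts[1].replace(/-/g, "+").replace(/_/g, "/")));
  if (typeof claims.exp !== "number") throw new Error("token has no exp claim");
  return claims.exp;
}

class Session {
  constructor(transport, authToken, refreshToken, now = () => Math.floor(Date.now() / 1000)) {
    Object.assign(this, { transport, authToken, refreshToken, now });
  }
  // Refresh slightly early so a request never arrives with an expired token.
  needsRefresh(skewSeconds = 30) {
    return this.now() >= tokenExpiry(this.authToken) - skewSeconds;
  }
  async post(query, variables, extraHeaders) {
    const res = await this.transport(ENDPOINT, {
      method: "POST", body: JSON.stringify({ query, variables }),
      headers: { "Content-Type": "application/json", ...extraHeaders },
    });
    return res.json();
  }
  async refresh() {
    // Sent without the auth token, which may already have expired.
    const body = await this.post(REFRESH_MUTATION, { token: this.refreshToken }, {});
    const token = body?.data?.refreshJwtAuthToken?.authToken;
    if (!token) throw new Error("refresh rejected; the user must log in again");
    this.authToken = token;
  }
  async query(query, variables = {}) {
    if (this.needsRefresh()) await this.refresh();
    return this.post(query, variables, { Authorization: `Bearer ${this.authToken}` });
  }
}

// Constructed sample token with a placeholder signature, for trying this offline.
function sampleToken(exp) {
  const enc = (o) => btoa(JSON.stringify(o)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "HS256", typ: "JWT" })}.${enc({ exp })}.sig`;
}
```

Both tokens live only in the Session object here, so they are gone when the page or process ends.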

Filters

The plugin offers some filters to hook into.

Change Auth Token expiration

Note: For security, we highly recommend that the Auth Token be short-lived. Do not set this higher than 300 seconds unless you know what you are doing.

function custom_jwt_expiration( $expiration ) {
    return 60;
}

add_filter('graphql_jwt_auth_expire', 'custom_jwt_expiration', 10);
  • Argument: Expiration in seconds
  • Default: 300

Example using GraphiQL
