Download the JWT Authentication for CoCart plugin to use these filters.
Each filter is documented below with its description and usage example.

Authentication filters

cocart_jwt_auth_issued_at

Made available since v2.0.0
Allows you to change the token issuance timestamp (iat claim) for token timing synchronization. 
add_filter( 'cocart_jwt_auth_issued_at', function( $timestamp ) {
    // Add a 5-minute buffer
    return $timestamp + (5 * MINUTE_IN_SECONDS);
} );

cocart_jwt_auth_issuer

Made available since v2.0.0
Allows you to change the token issuer (iss claim) for multi-site setups or custom API endpoints. 
add_filter( 'cocart_jwt_auth_issuer', function( $issuer ) {
    return 'https://api.yoursite.com';
} );

cocart_jwt_auth_not_before

Made available since v2.0.0
Allows you to set when the token becomes valid (nbf claim) for token activation control. 
add_filter( 'cocart_jwt_auth_not_before', function( $time, $issued_at ) {
    // Token becomes valid 5 minutes after issuance
    return $issued_at + (5 * MINUTE_IN_SECONDS);
}, 10, 2);

cocart_jwt_auth_expire

Made available since v2.0.0
Allows you to customize when the token will expire (exp claim) based on roles or conditions. 
add_filter( 'cocart_jwt_auth_expire', function( $expiration, $issued_at ) {
    // Set expiration to 2 days
    return 2 * DAY_IN_SECONDS;
}, 10, 2);

cocart_jwt_auth_algorithm

Made available since v2.0.0
vAllows you to change the algorithm used for token signing. 
add_filter( 'cocart_jwt_auth_algorithm', function( $algorithm ) {
    return 'RS256'; // Use RSA SHA-256 instead of default HS256
});

cocart_jwt_auth_token_user_data

Made available since v2.2.0
Allows additional user data to be applied to the payload before the token is generated. 
add_filter( 'cocart_jwt_auth_token_user_data', function( $data, $user ) {
    return array_merge( $data, array(
        'role'         => $user->roles[0],
        'display_name' => $user->display_name,
        'email'        => $user->user_email
    ) );
}, 10, 2);

Refresh Token Filters

cocart_jwt_auth_refresh_token_generation

Made available since v2.0.0
Allows you to change how refresh tokens are generated. 
add_filter( 'cocart_jwt_auth_refresh_token_generation', function( $token ) {
    return md5( uniqid() . time() ); // Use MD5 for token generation
});

cocart_jwt_auth_refresh_token_expiration

Made available since v2.0.0
Allows you to customize refresh token lifetime based on roles or conditions. 
add_filter( 'cocart_jwt_auth_refresh_token_expiration', function( $expiration ) {
    return 60 * DAY_IN_SECONDS; // Set to 60 days
});

Token Management

cocart_jwt_auth_revoke_tokens_on_email_change

Made available since v2.3.0
Allows you to control token revocation on email changes. 
add_filter( 'cocart_jwt_auth_revoke_tokens_on_email_change', function( $should_revoke, $user_id ) {
    return true; // Always revoke tokens on email change.
}, 10, 2);

cocart_jwt_auth_revoke_tokens_on_password_change

Made available since v2.3.0
Allows you to control token revocation on password changes for security policies. 
add_filter( 'cocart_jwt_auth_revoke_tokens_on_password_change', function( $should_revoke, $user_id ) {
    return $user_id !== 1; // Don't revoke tokens for admin user
}, 10, 2);

cocart_jwt_auth_revoke_tokens_on_after_password_reset

Made available since v2.3.0
Allows you to control token revocation on password reset for security policies. 
add_filter( 'cocart_jwt_auth_revoke_tokens_on_after_password_reset', function( $should_revoke, $user_id ) {
    return true; // Always revoke tokens after password reset.
}, 10, 2);

cocart_jwt_auth_revoke_tokens_on_profile_update

Made available since v2.3.0
Allows you to control token revocation on profile update. 
add_filter( 'cocart_jwt_auth_revoke_tokens_on_profile_update', function( $should_revoke, $user_id ) {
    return true; // Always revoke tokens on profile change.
}, 10, 2);

cocart_jwt_auth_revoke_tokens_on_delete_user

Made available since v2.3.0
Allows you to control token revocation when a user is deleted. 
add_filter( 'cocart_jwt_auth_revoke_tokens_on_delete_user', function( $should_revoke, $user_id ) {
    return true; // Always revoke tokens when user is deleted.
}, 10, 2);

cocart_jwt_auth_revoke_tokens_on_wp_logout

Made available since v2.3.0
Allows you to control token revocation when a user logs out. 
add_filter( 'cocart_jwt_auth_revoke_tokens_on_wp_logout', function( $should_revoke, $user_id ) {
    return true; // Always revoke tokens on logout.
}, 10, 2);
All filters follow WordPress coding standards and can be used with the standard add_filter() function. The examples above show practical implementations for each filter.

cocart_jwt_auth_token_prefix

Made available since v2.5.0
This prefix is used to identify the token type. It can be useful if you want to use different token types or to avoid conflicts with other JWT implementations.
It is NOT required to use a prefix, but it can help to distinguish tokens from different sources or implementations so use a unique prefix. 
add_filter( 'cocart_jwt_auth_token_prefix', function( $prefix ) {
    return 'cocart_';
}, 10, 2);