Each filter is documented below with its description and usage example.
Authentication filters
cocart_jwt_auth_issued_at
Made available since v2.0.0
Allows you to change the token issuance timestamp (iat claim) for token timing synchronization.
add_filter( 'cocart_jwt_auth_issued_at', function( $timestamp ) {
    // Add a 5-minute buffer
    return $timestamp + (5 * MINUTE_IN_SECONDS);
} );
cocart_jwt_auth_issuer
Made available since v2.0.0
Allows you to change the token issuer (iss claim) for multi-site setups or custom API endpoints.
add_filter( 'cocart_jwt_auth_issuer', function( $issuer ) {
    return 'https://api.yoursite.com';
} );
cocart_jwt_auth_not_before
Made available since v2.0.0
Allows you to set when the token becomes valid (nbf claim) for token activation control.
add_filter( 'cocart_jwt_auth_not_before', function( $time, $issued_at ) {
    // Token becomes valid 5 minutes after issuance
    return $issued_at + (5 * MINUTE_IN_SECONDS);
}, 10, 2);
cocart_jwt_auth_expire
Made available since v2.0.0
Allows you to customize when the token will expire (exp claim) based on roles or conditions.
add_filter( 'cocart_jwt_auth_expire', function( $expiration, $issued_at ) {
    // Set expiration to 2 days
    return 2 * DAY_IN_SECONDS;
}, 10, 2);
cocart_jwt_auth_algorithm
Made available since v2.0.0
Allows you to change the algorithm used for token signing.
add_filter( 'cocart_jwt_auth_algorithm', function( $algorithm ) {
    return 'RS256'; // Use RSA SHA-256 instead of default HS256
});
cocart_jwt_auth_token_user_data
Made available since v2.2.0
Allows additional user data to be applied to the payload before the token is generated.
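add_filter( 'cocart_jwt_auth_token_user_data', function( $data, $user ) {
    // Claims added here are signed but not encrypted; anyone holding the token can read them.
    return array_merge( $data, array(
        'role'         => $user->roles[0] ?? '', // Empty string when the user has no role
        'display_name' => $user->display_name,
        'email'        => $user->user_email
    ) );
}, 10, 2);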
Refresh Token Filters
cocart_jwt_auth_refresh_token_generation
Made available since v2.0.0
Allows you to change how refresh tokens are generated.
add_filter( 'cocart_jwt_auth_refresh_token_generation', function( $token ) {
    return md5( uniqid() . time() ); // Use MD5 for token generation
});
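The callback above builds the refresh token from `uniqid()` and `time()`, both derived from the server clock, so the MD5 digest carries only as much unpredictability as the issuance time. The following is an added example, not CoCart's own code, that generates the token from the operating system CSPRNG instead; the helper name `example_generate_refresh_token` is hypothetical, and it assumes the plugin accepts any opaque hex string, as the example above does.

```php
<?php
/**
 * Added example (not part of CoCart): refresh tokens from random_bytes()
 * instead of md5( uniqid() . time() ).
 */

/**
 * Hypothetical helper. Returns a 64-character hex string carrying
 * 256 bits of entropy from the operating system CSPRNG.
 * random_bytes() throws if no secure source is available, so the
 * function never falls back to a weaker generator silently.
 */
function example_generate_refresh_token(): string {
    return bin2hex( random_bytes( 32 ) );
}

// Inside WordPress: replace the generated refresh token.
if ( function_exists( 'add_filter' ) ) {
    add_filter( 'cocart_jwt_auth_refresh_token_generation', function ( $token ) {
        // The incoming $token is discarded; the replacement does not depend on it.
        return example_generate_refresh_token();
    } );
}

// Stand-alone check from the command line (php example.php), outside WordPress.
if ( PHP_SAPI === 'cli' && ! function_exists( 'add_filter' ) ) {
    $seen = array();
    for ( $i = 0; $i < 1000; $i++ ) {
        $token = example_generate_refresh_token();
        // Every token must be 64 hex characters and never repeat.
        if ( strlen( $token ) !== 64 || ! ctype_xdigit( $token ) || isset( $seen[ $token ] ) ) {
            fwrite( STDERR, "unexpected token: $token\n" );
            exit( 1 );
        }
        $seen[ $token ] = true;
    }
    echo "1000 unique 256-bit tokens generated\n";
}
```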
cocart_jwt_auth_refresh_token_expiration
Made available since v2.0.0
Allows you to customize refresh token lifetime based on roles or conditions.
add_filter( 'cocart_jwt_auth_refresh_token_expiration', function( $expiration ) {
    return 60 * DAY_IN_SECONDS; // Set to 60 days
});
Token Management
cocart_jwt_auth_revoke_tokens_on_email_change
Made available since v2.3.0
Allows you to control token revocation on email changes.
add_filter( 'cocart_jwt_auth_revoke_tokens_on_email_change', function( $should_revoke, $user_id ) {
    return true; // Always revoke tokens on email change.
}, 10, 2);
cocart_jwt_auth_revoke_tokens_on_password_change
Made available since v2.3.0
Allows you to control token revocation on password changes for security policies.
add_filter( 'cocart_jwt_auth_revoke_tokens_on_password_change', function( $should_revoke, $user_id ) {
    return $user_id !== 1; // Don't revoke tokens for admin user
}, 10, 2);
cocart_jwt_auth_revoke_tokens_on_after_password_reset
Made available since v2.3.0
Allows you to control token revocation on password reset for security policies.
add_filter( 'cocart_jwt_auth_revoke_tokens_on_after_password_reset', function( $should_revoke, $user_id ) {
    return true; // Always revoke tokens after password reset.
}, 10, 2);
cocart_jwt_auth_revoke_tokens_on_profile_update
Made available since v2.3.0
Allows you to control token revocation on profile update.
add_filter( 'cocart_jwt_auth_revoke_tokens_on_profile_update', function( $should_revoke, $user_id ) {
    return true; // Always revoke tokens on profile change.
}, 10, 2);
cocart_jwt_auth_revoke_tokens_on_delete_user
Made available since v2.3.0
Allows you to control token revocation when a user is deleted.
add_filter( 'cocart_jwt_auth_revoke_tokens_on_delete_user', function( $should_revoke, $user_id ) {
    return true; // Always revoke tokens when user is deleted.
}, 10, 2);
cocart_jwt_auth_revoke_tokens_on_wp_logout
Made available since v2.3.0
Allows you to control token revocation when a user logs out.
add_filter( 'cocart_jwt_auth_revoke_tokens_on_wp_logout', function( $should_revoke, $user_id ) {
    return true; // Always revoke tokens on logout.
}, 10, 2);
All filters follow WordPress coding standards and can be used with the standard add_filter() function. The examples above show practical implementations for each filter.
cocart_jwt_auth_token_prefix
Made available since v2.5.0
This prefix is used to identify the token type. It can be useful if you want to use different token types or to avoid conflicts with other JWT implementations.
A prefix is NOT required, but it helps distinguish tokens from different sources or implementations, so choose a unique one.
add_filter( 'cocart_jwt_auth_token_prefix', function( $prefix ) {
    return 'cocart_';
}, 10, 2);
cocart_jwt_auth_max_user_tokens
Made available since v3.0.0
Allows changing the maximum number of tokens a user can have. Default is 5 tokens.
add_filter( 'cocart_jwt_auth_max_user_tokens', function( $max_tokens, $user ) {
    // Allow administrators to have more tokens
    if ( in_array( 'administrator', $user->roles ) ) {
        return 20;
    }
    // Limit regular users to 3 tokens
    return 3;
}, 10, 2);