Make sure you have downloaded the JWT Authentication for CoCart plugin and installed it.
Secret Key Configuration
Add the following code to your wp-config.php file:
Never share or commit your secret key. Keep it secure and unique for each environment.
Enable PHP HTTP Authorization Header
Shared Hosts
Most shared hosting providers have disabled the HTTP Authorization header by default. To enable this option you’ll need to edit your .htaccess file by adding the following:
WPEngine
To enable this option you’ll need to edit your .htaccess file by adding the following outside of the IfModule block:
How It Works
CoCart JWT Authentication implements a secure OAuth 2.0 compliant authentication flow. Here’s how the authentication process works in your WordPress application:
1. Authentication Request
The client authenticates against the login endpoint by sending an Authorization header using the Basic method, and receives JWT tokens in return.
2. Token Usage
Use the JWT access token to authenticate any REST API request by sending it in the Authorization header using the Bearer method.
3. Token Refresh
Use the refresh token to obtain new access tokens via the refresh-token endpoint, without the user having to re-authenticate.
4. Validate Token
Validate the token in the background of your application from time to time to check that the user's authentication session is still valid.
Security Best Practices
CoCart JWT Authentication comes with built-in security features to protect your WordPress application. Here are the key security measures you should be aware of:
Automatic token revocation on password/email changes.
Automatic token revocation on user deletion.
Automatic token revocation on user logout.
Configurable token expiration times.
Secure refresh token rotation.
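As an added example (not the plugin's code), the following Python model walks through the four steps of the flow above and the safeguards listed here, with an in-memory stand-in for the WordPress login, refresh-token and validate-token endpoints. The HS256 signing, the claim names (sub, ver, exp), the token lifetimes and the per-user version counter used to revoke tokens on password change, logout and deletion are this example's assumptions about how such behaviour can be realised, not the plugin's implementation.

```python
"""Toy model of the CoCart JWT flow: login, bearer use, refresh, validate.

Added example, not the plugin's code. AuthServer stands in for the WordPress
endpoints; HS256 signing, claim names and the version counter are assumptions.
"""
import base64
import binascii
import hashlib
import hmac
import json
import secrets
import time


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


class AuthServer:
    ACCESS_TTL = 900          # constructed lifetimes; the plugin makes these configurable
    REFRESH_TTL = 7 * 86400

    def __init__(self, secret: str):
        self.secret = secret.encode()   # in WordPress this comes from wp-config.php
        self.users = {}                 # username -> {"password": str, "version": int}
        self.refresh_tokens = {}        # refresh token -> (username, version, exp)

    def add_user(self, username: str, password: str) -> None:
        # Plaintext for brevity only; WordPress stores a password hash.
        self.users[username] = {"password": password, "version": 1}

    def _sign(self, claims: dict) -> str:
        header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
        body = b64url(json.dumps(claims).encode())
        sig = hmac.new(self.secret, f"{header}.{body}".encode(), hashlib.sha256).digest()
        return f"{header}.{body}.{b64url(sig)}"

    def _issue(self, username: str, now: int) -> dict:
        version = self.users[username]["version"]
        access = self._sign({"sub": username, "ver": version, "iat": now, "exp": now + self.ACCESS_TTL})
        refresh = secrets.token_urlsafe(32)
        self.refresh_tokens[refresh] = (username, version, now + self.REFRESH_TTL)
        return {"access_token": access, "refresh_token": refresh}

    # Step 1: login endpoint, "Authorization: Basic base64(username:password)".
    def login(self, authorization: str, now=None):
        now = int(time.time() if now is None else now)
        scheme, _, cred = authorization.partition(" ")
        try:
            username, _, password = base64.b64decode(cred, validate=True).decode().partition(":")
        except (binascii.Error, UnicodeDecodeError):
            return None
        user = self.users.get(username)
        if scheme != "Basic" or user is None:
            return None
        if not hmac.compare_digest(user["password"].encode(), password.encode()):
            return None
        return self._issue(username, now)

    # Steps 2 and 4: bearer use on any REST request, and the periodic validate-token check.
    def validate(self, authorization: str, now=None):
        """Return the username for a valid bearer token, or None."""
        now = int(time.time() if now is None else now)
        scheme, _, token = authorization.partition(" ")
        if scheme != "Bearer" or token.count(".") != 2:
            return None
        header, body, sig = token.split(".")
        expected = hmac.new(self.secret, f"{header}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(b64url(expected).encode(), sig.encode()):
            return None           # signature first: forged or unsigned tokens go no further
        try:
            hdr, claims = json.loads(b64url_decode(header)), json.loads(b64url_decode(body))
        except (binascii.Error, ValueError):
            return None
        if hdr.get("alg") != "HS256" or claims.get("exp", 0) <= now:
            return None           # reject algorithm confusion and expired tokens
        user = self.users.get(claims.get("sub"))
        if user is None or user["version"] != claims.get("ver"):
            return None           # revoked: user deleted, or a version bump (see below)
        return claims["sub"]

    # Step 3: refresh-token endpoint with rotation; the presented refresh token is consumed.
    def refresh(self, refresh_token: str, now=None):
        now = int(time.time() if now is None else now)
        entry = self.refresh_tokens.pop(refresh_token, None)
        if entry is None:
            return None
        username, version, exp = entry
        user = self.users.get(username)
        if exp <= now or user is None or user["version"] != version:
            return None
        return self._issue(username, now)

    # Revocation events: bumping the version invalidates every token issued before it.
    def change_password(self, username: str, new_password: str) -> None:
        self.users[username]["password"] = new_password
        self.users[username]["version"] += 1

    def logout(self, username: str) -> None:
        self.users[username]["version"] += 1

    def delete_user(self, username: str) -> None:
        del self.users[username]


def basic_header(username: str, password: str) -> str:
    return "Basic " + base64.b64encode(f"{username}:{password}".encode()).decode()


def bearer_header(token: str) -> str:
    return "Bearer " + token


if __name__ == "__main__":
    server = AuthServer(secrets.token_hex(32))   # constructed secret for the demo
    server.add_user("alice", "correct horse battery staple")
    t0 = 1_700_000_000
    tokens = server.login(basic_header("alice", "correct horse battery staple"), now=t0)
    print("bearer ok:", server.validate(bearer_header(tokens["access_token"]), now=t0 + 10))
    rotated = server.refresh(tokens["refresh_token"], now=t0 + 1000)
    print("old refresh reused:", server.refresh(tokens["refresh_token"], now=t0 + 1000))
    server.change_password("alice", "new password")
    print("after password change:", server.validate(bearer_header(rotated["access_token"]), now=t0 + 1010))
```

The two details worth carrying over to any real client are that the refresh token is single-use (a reused one is a sign of theft or a retry bug, and either way it must be rejected) and that validation checks the signature before it reads any claim, so a tampered or unsigned token never influences the expiry or user lookup.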