{"id":13466774,"url":"https://github.com/wp-graphql/wp-graphql-jwt-authentication","last_synced_at":"2026-03-13T23:17:26.003Z","repository":{"id":19807571,"uuid":"87973307","full_name":"wp-graphql/wp-graphql-jwt-authentication","owner":"wp-graphql","description":"Authentication for WPGraphQL using JWT (JSON Web Tokens)","archived":false,"fork":false,"pushed_at":"2024-10-24T21:23:23.000Z","size":4726,"stargazers_count":359,"open_issues_count":62,"forks_count":77,"subscribers_count":13,"default_branch":"develop","last_synced_at":"2025-10-13T12:27:16.210Z","etag":null,"topics":["auth","graphql","hacktoberfest","jwt","wordpress-plugin","wpgraphql"],"latest_commit_sha":null,"homepage":"","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/wp-graphql.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-04-11T19:49:52.000Z","updated_at":"2025-10-13T09:49:02.000Z","dependencies_parsed_at":"2023-12-19T10:02:50.021Z","dependency_job_id":"82a446dd-a8f1-4fab-a294-bada835945dc","html_url":"https://github.com/wp-graphql/wp-graphql-jwt-authentication","commit_stats":{"total_commits":136,"total_committers":22,"mean_commits":6.181818181818182,"dds":"0.32352941176470584","last_synced_commit":"5d202620ef1989bb94ebe57161b2a58591327b6c"},"previous_names":[],"tags_count":13,"template":false,"template_full_name":null,"purl":"pkg:github/wp-graphql/wp-graphql-jwt-authentication","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wp-graphql%2Fwp-graphql-jwt-authentication","tags_url":"https://repos.ecosys
te.ms/api/v1/hosts/GitHub/repositories/wp-graphql%2Fwp-graphql-jwt-authentication/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wp-graphql%2Fwp-graphql-jwt-authentication/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wp-graphql%2Fwp-graphql-jwt-authentication/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/wp-graphql","download_url":"https://codeload.github.com/wp-graphql/wp-graphql-jwt-authentication/tar.gz/refs/heads/develop","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wp-graphql%2Fwp-graphql-jwt-authentication/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30479125,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-13T20:45:58.186Z","status":"ssl_error","status_checked_at":"2026-03-13T20:45:20.133Z","response_time":60,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["auth","graphql","hacktoberfest","jwt","wordpress-plugin","wpgraphql"],"created_at":"2024-07-31T15:00:49.882Z","updated_at":"2026-03-13T23:17:25.971Z","avatar_url":"https://github.com/wp-graphql.png","language":"PHP","funding_links":[],"categories":["Plugins","PHP","Authentication"],"sub_categories":["WordPress"],"readme":"![Logo](https://www.wpgraphql.com/wp-content/uploads/2017/06/wpgraphql-logo-e1502819081849.png)\n\n# WPGraphQL JWT 
Authentication\n\n[![Build Status](https://travis-ci.org/wp-graphql/wp-graphql-jwt-authentication.svg?branch=master)](https://travis-ci.org/wp-graphql/wp-graphql-jwt-authentication)\n[![Coverage Status](https://coveralls.io/repos/github/wp-graphql/wp-graphql-jwt-authentication/badge.svg?branch=master)](https://coveralls.io/github/wp-graphql/wp-graphql-jwt-authentication?branch=master)\n\n\nThis plugin extends the \u003ca href=\"https://github.com/wp-graphql/wp-graphql\" target=\"_blank\"\u003eWPGraphQL\u003c/a\u003e plugin to provide authentication using JWT (JSON Web Tokens)\n\nJSON Web Tokens are an open, industry standard [RFC 7519](https://tools.ietf.org/html/rfc7519) method for representing claims securely between two parties.\n\nThis plugin was initially based off the `wp-api-jwt-auth` plugin by Enrique Chavez (https://github.com/Tmeister), but modified (almost completely) for use with the \u003ca href=\"https://github.com/wp-graphql/wp-graphql\" target=\"_blank\"\u003eWPGraphQL\u003c/a\u003e plugin.\n\n## Install, Activate \u0026 Setup\n\nYou can install and activate the plugin like any WordPress plugin. Download the .zip from Github and add to your plugins directory, then activate.\n\nJWT uses a Secret defined on the server to validate the signing of tokens.\n\nIt's recommended that you use something like the WordPress Salt generator (https://api.wordpress.org/secret-key/1.1/salt/) to generate a Secret.\n\nYou can define a Secret like so:\n```\ndefine( 'GRAPHQL_JWT_AUTH_SECRET_KEY', 'your-secret-token' );\n```\n\nOr you can use the filter `graphql_jwt_auth_secret_key` to set a Secret like so:\n\n```\nadd_filter( 'graphql_jwt_auth_secret_key', function() {\n  return 'your-secret-token';\n});\n```\n\nThis secret is used in the encoding and decoding of the JWT token. If the Secret were ever changed on the server, ALL tokens that were generated with the previous Secret would become invalid. 
So, if you wanted to invalidate all user tokens, you can change the Secret on the server and _all_ previously issued tokens would become invalid and require users to re-authenticate.\n\n- Learn more about JWT: https://jwt.io/introduction/\n\n## HTTP_AUTHORIZATION\n\nIn order to use this plugin, your WordPress environment must support the HTTP_AUTHORIZATION header. In some cases, this header is not passed to WordPress because of some server configurations.\n\nDepending on your particular environment, you may have to research how to enable these headers, but in Apache, you can do the following in your `.htaccess`:\n\n```\nSetEnvIf Authorization \"(.*)\" HTTP_AUTHORIZATION=$1\n```\n\nFor NGINX, this may work: https://serverfault.com/questions/511206/nginx-forward-http-auth-user#answer-511612\n\n## How the plugin Works\n\n### Login User\n\nThis plugin adds a new `login` mutation to the WPGraphQL Schema.\n\nThis can be used like so:\n\n**Input-Type:** `LoginUserInput!`\n\n```graphql\nmutation LoginUser {\n  login( input: {\n    clientMutationId: \"uniqueId\",\n    username: \"your_login\",\n    password: \"your password\"\n  } ) {\n    authToken\n    user {\n      id\n      name\n    }\n  }\n}\n```\n\nThe `authToken` that is received in response to the login mutation can then be stored in local storage (or similar) and\nused in subsequent requests as an HTTP Authorization header to Authenticate the user prior to execution of the\nGraphQL request.\n\n- **Set authorization header in Apollo Client**: https://www.apollographql.com/docs/react/networking/authentication/#header\n- **Set authorization header in Relay Modern**: https://relay.dev/docs/en/network-layer.html\n- **Set authorization header in Axios**: https://github.com/axios/axios#axioscreateconfig\n\n\n### Register User\n\n**Input-Type:** `RegisterUserInput!`\n\n```graphql\nmutation RegisterUser {\n  registerUser(\n    input: {\n        clientMutationId: \"uniqueId\",\n        username: \"your_username\",\n        
password: \"your_password\",\n        email: \"your_email\"\n    }) {\n    user {\n      jwtAuthToken\n      jwtRefreshToken\n    }\n  }\n}\n```\n\n### Refresh Auth Token\n\n**Input-Type:** `RefreshJwtAuthTokenInput!`\n\n```graphql\nmutation RefreshAuthToken {\n  refreshJwtAuthToken(\n    input: {\n      clientMutationId: \"uniqueId\"\n      jwtRefreshToken: \"your_refresh_token\",\n  }) {\n    authToken\n  }\n}\n```\n\n## Filters\n\nThe plugin offers some filters to hook into.\n\n### Change Auth Token expiration\n\n**Note: For security, we highly recommend that the Auth Token is short-lived. Do not set this higher than 300 seconds unless you know what you are doing.**\n\n```php\nfunction custom_jwt_expiration( $expiration ) {\n    return 60;\n}\n\nadd_filter('graphql_jwt_auth_expire', 'custom_jwt_expiration', 10);\n```\n\n- Argument: Expiration in seconds\n- Default: 300\n\n\n## Example using GraphiQL\n![Example using GraphiQL](https://github.com/wp-graphql/wp-graphql-jwt-authentication/blob/master/img/jwt-auth-example.gif?raw=true)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwp-graphql%2Fwp-graphql-jwt-authentication","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fwp-graphql%2Fwp-graphql-jwt-authentication","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwp-graphql%2Fwp-graphql-jwt-authentication/lists"}