Using with JWT authentication
-
Hi guys!
I’m using JWT authentication (https://wordpress.org/plugins/jwt-authentication-for-wp-rest-api/) to authenticate an app which connects via the API.
Just wondering what I need to do to use the plugin with this? Is there a way of submitting OTP codes via the API along with the other login details?
Cheers
-
There is no standard way to use two factor authentication for API calls.
We disabled API-level authentication for users with two-factor enabled in this pull request.
There is a filter to remove this restriction and allow password based authentication for users with two-factor enabled:
add_filter( 'two_factor_user_api_login_enable', '__return_true' );
You can also adjust the return value for the filter based on the user ID value that is passed as the second parameter to this filter.
I strongly suggest you install and use the Application Passwords plugin instead of sharing your regular user password with applications.
Thanks for the reply Kaspars. Just to clarify, does the ‘two_factor_user_api_login_enable’ filter allow API authentication without requiring the OTP? Or does the OTP need to be supplied along with the username and password?
I’m creating a single mobile app for my multisite membership site that needs to work without manually configuring settings for each user. I’m making the experience similar to other mobile apps, i.e. login with email address and password. That’s why I was leaning towards JWT authentication.
I was hoping to somehow add OTPs on top of this. Perhaps there’s a hack that would let me do it in the app? For example after a successful token auth, is there a way to retrieve the authenticator secret via the options API or something? That would allow me to validate the same OTP codes in the app.
Cheers
The topic ‘Using with JWT authentication’ is closed to new replies.
