Excited to share a new feature plugin to provide support for our own JWT Authentication with CoCart.
It’s free to download and is available via the WordPress plugin directory.
Minimum Requirements
You will need to have CoCart v3.8.1 or above installed to use this plugin.
Enable PHP HTTP Authorization Header
Shared Hosts
Most shared hosts have disabled the HTTP Authorization Header by default. To enable this option you’ll need to edit your .htaccess file by adding the following:
RewriteEngine on
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1]
or
RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
WPEngine
To enable this option you’ll need to edit your .htaccess file by adding the following (see [this issue]):
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
Configuration
- Set a unique secret key in your wp-config.php file, defined as COCART_JWT_AUTH_SECRET_KEY.
- Install and activate plugin.
Token Expiration
By default, the token expires after two full days. You can change this to your preference with the cocart_jwt_auth_expire filter hook.
Here is an example changing it to expire after just 2 hours.
// Token lifetime in seconds: 120 minutes = 2 hours.
add_filter( 'cocart_jwt_auth_expire', function() { return MINUTE_IN_SECONDS * 120; } );
Usage
- Authenticate via basic method with the login endpoint to get your token.
- Store the given token under jwt_token in your application.
- Now authenticate any cart route with Bearer authentication with the token given.
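The three usage steps as a client-side sketch, added here as an example and not taken from the CoCart project. The site URL, the /wp-json/cocart/v2/login and /wp-json/cocart/v2/cart paths, the extras.jwt_token response field and the numeric exp claim are assumptions; adjust them to what your site returns.

```javascript
// Added example (not CoCart's code). Assumed: SITE, the v2 login/cart paths,
// the extras.jwt_token response field, and a standard numeric `exp` claim.
const SITE = "https://shop.example"; // placeholder site URL

// Read the JWT payload without verifying it. The client never holds
// COCART_JWT_AUTH_SECRET_KEY; the server checks the signature per request.
function jwtPayload(token) {
  const parts = String(token).split(".");
  if (parts.length !== 3) throw new Error("not a JWT");
  return JSON.parse(Buffer.from(parts[1], "base64").toString("utf8"));
}

// True when the token is expired, or expires within skewSeconds.
function needsRefresh(token, nowSeconds = Math.floor(Date.now() / 1000), skewSeconds = 60) {
  const { exp } = jwtPayload(token);
  return typeof exp !== "number" || exp - skewSeconds <= nowSeconds;
}

function basicHeader(user, pass) {
  return "Basic " + Buffer.from(`${user}:${pass}`, "utf8").toString("base64");
}

// Step 1: basic authentication against the login endpoint returns the token.
async function login(creds, fetchImpl = fetch) {
  const res = await fetchImpl(`${SITE}/wp-json/cocart/v2/login`, {
    method: "POST",
    headers: { Authorization: basicHeader(creds.user, creds.pass) },
  });
  if (!res.ok) throw new Error(`login failed: HTTP ${res.status}`);
  const body = await res.json();
  const token = body && body.extras && body.extras.jwt_token;
  if (!token) throw new Error("login response has no jwt_token");
  return token;
}

// Steps 2 and 3: keep the token under jwt_token, send it as Bearer on cart
// routes, and log in again only when it is missing or about to expire.
async function getCart(store, creds, fetchImpl = fetch) {
  if (!store.jwt_token || needsRefresh(store.jwt_token)) {
    store.jwt_token = await login(creds, fetchImpl);
  }
  const res = await fetchImpl(`${SITE}/wp-json/cocart/v2/cart`, {
    headers: { Authorization: `Bearer ${store.jwt_token}` },
  });
  if (!res.ok) throw new Error(`cart request failed: HTTP ${res.status}`);
  return res.json();
}
```

Checking exp on the client only decides when to log in again; a shorter cocart_jwt_auth_expire value means the basic credentials are sent more often, so both requests should go over HTTPS.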