This is one of quite a few emails that I've got about the JWT token and how to validate it (the original message was modified):
Hello. Nice plugin. I have a couple of questions about validating a JWT token:
- Is there an API endpoint to validate a JWT token?
- If I have a PHP script that lives together with WordPress, how can I validate a JWT token that I pass via GET or POST?
These are great questions, and they gave me the idea to implement this in AAM version 5.7.2. You can always get the latest upcoming version from the official WP repository.
Is there any API endpoint to validate a JWT token? Yes, with AAM 5.7.2 or higher, you can validate a JWT token with the new endpoint /wp-json/aam/v1/validate-jwt. Here is the cURL command for the request:
curl -X POST \
-H 'Content-Type: application/json' \
-H 'cache-control: no-cache' \
How can I validate a JWT token that I pass via GET or POST? By default, AAM checks for the HTTP_AUTHENTICATION header that contains a Bearer token. However, you can specify a different location for the JWT, or even multiple fallback locations. For example, say you need to check whether the JWT is in a GET (query) parameter, then, if it is not there, in POST, and finally in the header. In this case, go to the AAM page and, on the Settings -> ConfigPress tab, specify the following config:
authentication.jwt.container = "query,post,header"
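The fallback order this setting expresses, as an added PHP example (not AAM's own code). The function name resolve_jwt() and its parameters are hypothetical; it assumes the aam-jwt key and the HTTP_AUTHENTICATION header named on this page and that the header value carries a "Bearer " prefix. The sample request values are constructed.

```php
<?php
// Added illustration of the container fallback order; not AAM's implementation.
// resolve_jwt() and its parameter names are hypothetical.

/**
 * Return the first non-empty JWT found in the configured containers, or null.
 *
 * @param string $containers Value of authentication.jwt.container, e.g. "query,post,header"
 * @param array  $query      Query parameters (normally $_GET)
 * @param array  $post       POST parameters (normally $_POST)
 * @param array  $server     Server variables (normally $_SERVER)
 */
function resolve_jwt(string $containers, array $query, array $post, array $server): ?array
{
    foreach (array_map('trim', explode(',', $containers)) as $container) {
        switch (strtolower($container)) {
            case 'query':
                $value = $query['aam-jwt'] ?? '';
                break;
            case 'post':
                $value = $post['aam-jwt'] ?? '';
                break;
            case 'header':
                // Assumption: the header value has the form "Bearer <token>".
                $value = preg_replace('/^Bearer\s+/i', '', $server['HTTP_AUTHENTICATION'] ?? '');
                break;
            default:
                $value = ''; // unknown container names are skipped
        }
        // A parameter sent as aam-jwt[]=x arrives as an array; treat it as absent.
        $value = is_string($value) ? trim($value) : '';
        if ($value !== '') {
            // Keep the source so the caller can log where the token came from.
            return ['token' => $value, 'source' => $container];
        }
    }
    return null;
}

// Constructed sample request: empty query value, tokens in both POST and header.
var_dump(resolve_jwt(
    'query,post,header',
    ['aam-jwt' => ''],
    ['aam-jwt' => 'constructed.post.token'],
    ['HTTP_AUTHENTICATION' => 'Bearer constructed.header.token']
));
```

A token sent in the query string is also written to web server access logs and can travel in the Referer header, so recording the source of each accepted token helps when reviewing whether the query container needs to stay enabled.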
AAM will loop through each location until a non-empty JWT token is found. AAM looks for the aam-jwt key in each location except header (here it checks for