Using on my site and excited with it so far. It does what it says on the tin, although there are a few drawbacks:
– When activated, no users are able to log out
– Documentation lists auth url parameter as ‘jwt’, but it should be ‘sso’
– Would be nice if the wordpress login page could automatically redirect to SSO page, or maybe just have a ‘continue to SSO’ button with the default form hidden until you click ‘I am an admin’ or something else to use the native auth. Current display means people will try logging in and then click the SSO button, which is a bit confusing.
– It is keyed off username AND e-mail. Email is not a great thing to key off since it may change in future if user changes their email in either SSO site or wordpress site. Also, in my case, users can have multiple accounts with identical e-mail. So an option to only key off username only (which cannot be changed in stock wordpress) would be ideal.
That said, having JWT auth is very useful and am much appreciative for this plugin! I am really excited to follow this plugin’s development, and hope it continues to improve in future too 🙂
- The topic ‘Great start for new JWT plugin’ is closed to new replies.