Title: Using with JWT authentication Last modified: July 17, 2019 --- # Using with JWT authentication * Resolved [menathor](https://wordpress.org/support/users/menathor/) * (@menathor) * [6 years, 9 months ago](https://wordpress.org/support/topic/using-with-jwt-authentication/) * Hi guys! * I’m using JWT authentication ([https://wordpress.org/plugins/jwt-authentication-for-wp-rest-api/](https://wordpress.org/plugins/jwt-authentication-for-wp-rest-api/)) to authenticate an app which connects via the API. * Just wondering what I need to do to use the plugin with this? Is there a way of submitting OTP codes via the API along with the other login details? * Cheers Viewing 4 replies - 1 through 4 (of 4 total) * Plugin Author [Kaspars](https://wordpress.org/support/users/kasparsd/) * (@kasparsd) * [6 years, 9 months ago](https://wordpress.org/support/topic/using-with-jwt-authentication/#post-11743985) * There is no standard way to use two factor authentication for API calls. * We disabled API-level authentication for users with two-factor enabled in [this pull request](https://github.com/georgestephanis/two-factor/pull/271). * There is a filter to remove this restriction and allow password based authentication for users with two-factor enabled: * ``` add_filter( 'two_factor_user_api_login_enable', '__return_true' ); ``` * You can also adjust the return value for the filter based on the user ID value that is passed [as the second parameter to this filter](https://github.com/georgestephanis/two-factor/blob/ebbdaf3692deff5794d181e21944679f2dd3fd2c/class.two-factor-core.php#L273). * I strongly suggest you install and use the [Application Passwords plugin](https://wordpress.org/plugins/application-passwords/) instead of sharing your regular user password with applications. - This reply was modified 6 years, 9 months ago by [Kaspars](https://wordpress.org/support/users/kasparsd/). Reason: Mention the user ID param for the filter * Thread Starter [menathor](https://wordpress.org/support/users/menathor/) * (@menathor) * [6 years, 9 months ago](https://wordpress.org/support/topic/using-with-jwt-authentication/#post-11744604) * Thanks for the reply Kaspars. Just to clarify, does the ‘two_factor_user_api_login_enable’ filter allow API authentication without requiring the OTP? Or does the OTP need to be supplied along with the username and password? * I’m creating a single mobile app for my multisite membership site that needs to work without manually configuring settings for each user. I’m making the experience similar to other mobile apps, i.e. login with email address and password. That’s why I was leaning towards JWT authentication. * I was hoping to somehow add OTPs on top of this. Perhaps there’s a hack that would let me do it in the app? For example after a successful token auth, is there a way to retrieve the authenticator secret via the options API or something? That would allow me to validate the same OTP codes in the app. * Cheers - This reply was modified 6 years, 9 months ago by [menathor](https://wordpress.org/support/users/menathor/). * Plugin Author [Kaspars](https://wordpress.org/support/users/kasparsd/) * (@kasparsd) * [6 years, 9 months ago](https://wordpress.org/support/topic/using-with-jwt-authentication/#post-11744814) * > does the ‘two_factor_user_api_login_enable’ filter allow API authentication > without requiring the OTP? * Yes, correct. It will essentially disable the second factor for API authentication. * > I was hoping to somehow add OTPs on top of this. Perhaps there’s a hack that > would let me do it in the app? * I’m not aware of any application or service doing this. Even Google requires you to use application passwords for apps to get around the two-factor restrictions. * Thread Starter [menathor](https://wordpress.org/support/users/menathor/) * (@menathor) * [6 years, 9 months ago](https://wordpress.org/support/topic/using-with-jwt-authentication/#post-11744954) * Ok cool, thank you! Viewing 4 replies - 1 through 4 (of 4 total) The topic ‘Using with JWT authentication’ is closed to new replies. * ![](https://ps.w.org/two-factor/assets/icon.svg?rev=2887448) * [Two Factor](https://wordpress.org/plugins/two-factor/) * [Frequently Asked Questions](https://wordpress.org/plugins/two-factor/#faq) * [Support Threads](https://wordpress.org/support/plugin/two-factor/) * [Active Topics](https://wordpress.org/support/plugin/two-factor/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/two-factor/unresolved/) * [Reviews](https://wordpress.org/support/plugin/two-factor/reviews/) * 4 replies * 2 participants * Last reply from: [menathor](https://wordpress.org/support/users/menathor/) * Last activity: [6 years, 9 months ago](https://wordpress.org/support/topic/using-with-jwt-authentication/#post-11744954) * Status: resolved