It’s not easy for me to make it work
-
I couldn’t find any documentation on how to restrict access to endpoints. You can use code like this:
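/**
 * Adds the authenticated user's ID to the JWT login response so the front end can store it.
 *
 * Despite the function name, only `user_id` is added; no role is written.
 * The ID is an identifier, not a credential: the server must still verify the
 * token on every request and must not trust a `user_id` sent back by the client
 * on its own.
 *
 * @param array|mixed  $data Response data about to be sent to the client.
 * @param object|mixed $user User object exposing `data->ID`.
 * @return array|mixed The response data, with `user_id` added when it is available.
 */
function add_user_id_and_role_to_jwt_response( $data = '', $user = '' ) {
    // The defaults are empty strings, so guard against a call that lacks a
    // usable array or user object instead of writing a null ID (or failing).
    if ( ! is_array( $data ) || ! isset( $user->data->ID ) ) {
        return $data;
    }

    $data['user_id'] = $user->data->ID;

    return $data;
}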
// Register the callback at priority 10; the final argument (2) makes WordPress
// pass both $data and $user to it.
add_filter( 'jwt_auth_token_before_dispatch', 'add_user_id_and_role_to_jwt_response', 10, 2);
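/**
 * REST permission callback: allows the request only when it carries a valid JWT
 * and the `user_id` request parameter matches the user reported for that token.
 *
 * This establishes who the caller is. It does not check what that user is
 * allowed to do; endpoints that need it should add a capability check as well.
 *
 * @param WP_REST_Request|null $request Incoming REST request.
 * @return bool True when the token is valid and bound to the supplied user ID.
 */
function token_jwt_permission_callback( ?WP_REST_Request $request = null ) {
    // Fail closed: without a request there is nothing to authenticate.
    if ( null === $request ) {
        return false;
    }

    $jwt        = new Jwt_Auth();
    $jwt_public = new Jwt_Auth_Public( $jwt->get_plugin_name(), $jwt->get_version() );

    // Validate the token before looking at any client-supplied identifier.
    $validate_token = $jwt_public->validate_token( $request );
    if ( is_wp_error( $validate_token ) ) {
        return false;
    }
    if ( ! is_array( $validate_token )
        || ! isset( $validate_token['code'] )
        || 'jwt_auth_valid_token' !== $validate_token['code']
    ) {
        return false;
    }

    // `user_id` comes from the client, so accept only a plain positive integer.
    $user_id = sanitize_text_field( $request->get_param( 'user_id' ) );
    if ( '' === $user_id || ! ctype_digit( $user_id ) || (int) $user_id <= 0 ) {
        return false;
    }

    // NOTE(review): this assumes determine_current_user() returns the ID of the
    // user the token was issued for. If it can hand its argument back unchanged,
    // the comparison below proves nothing - confirm against the plugin version in use.
    $user_id_at_token = $jwt_public->determine_current_user( $user_id );
    if ( ! is_numeric( $user_id_at_token ) ) {
        return false;
    }

    // Compare as integers with strict equality; loose `!=` on mixed string/int
    // values can treat unequal inputs as equal.
    return (int) $user_id === (int) $user_id_at_token;
}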
// When registering the route, point 'permission_callback' at the function above.
// WordPress calls it before the route callback, and a false return rejects the request.
$get_services_handler = array(
    'methods'             => WP_REST_Server::CREATABLE,
    'callback'            => array( $this, 'get_services' ),
    'permission_callback' => 'token_jwt_permission_callback', // <<<<<< set your callback here
);

register_rest_route(
    self::get_plugin_namespace(),
    '/get_services',
    array( $get_services_handler )
);