Requirement
Mobile app authentication is based on JWT (JSON Web Token), a commonly used stateless user authentication standard for securely transmitting information between client and server in JSON format.
Install the plugin via WordPress CMS
- Plugins → Add New → Search for JWT Authentication for WP-API
- Click Install Now
Define secret key
In the WordPress source code, open the file wp-config.php and add the line below:
define('JWT_AUTH_SECRET_KEY', 'fa15ebcc71196fddd8dd63e6da217accb8a0d148');
Replace the value with your own secret key of 32 characters.
The value fa15ebcc71196fddd8dd63e6da217accb8a0d148 is just a sample. Do not use it on your site.
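A check you can run against a copy of wp-config.php to confirm the sample key was replaced, shown here as an added example that is not part of the plugin. The function names `audit_secret` and `new_define_line` are hypothetical, and generating the key as 32 hexadecimal characters is an assumption about what an acceptable key looks like.

```python
import re
import secrets

# Sample value printed in the documentation above. It is public, so a site
# that still uses it has an effectively known signing key.
DOC_SAMPLE = "fa15ebcc71196fddd8dd63e6da217accb8a0d148"
MIN_LEN = 32  # key length the documentation asks for

# Matches an active define('JWT_AUTH_SECRET_KEY', '...'); line. A line that
# starts with // or # does not match, so a commented-out define counts as missing.
DEFINE_RE = re.compile(
    r"""^[ \t]*define\(\s*(['"])JWT_AUTH_SECRET_KEY\1\s*,\s*(['"])(.*?)\2\s*\)\s*;""",
    re.MULTILINE,
)


def audit_secret(wp_config_text):
    """Return a list of findings about the JWT secret in wp-config.php text."""
    match = DEFINE_RE.search(wp_config_text)
    if match is None:
        return ["JWT_AUTH_SECRET_KEY is not defined"]
    key = match.group(3)
    findings = []
    if key == DOC_SAMPLE:
        findings.append("secret is the public sample value from the documentation")
    if len(key) < MIN_LEN:
        findings.append(f"secret is {len(key)} characters, fewer than {MIN_LEN}")
    return findings


def new_define_line():
    """Build a define() line holding a fresh 32-character key from the OS CSPRNG."""
    return f"define('JWT_AUTH_SECRET_KEY', '{secrets.token_hex(16)}');"


if __name__ == "__main__":
    # Constructed wp-config.php fragments, not taken from a real site.
    configs = {
        "sample key": "<?php\ndefine('JWT_AUTH_SECRET_KEY', '" + DOC_SAMPLE + "');\n",
        "short key": "<?php\ndefine(\"JWT_AUTH_SECRET_KEY\", \"secret\");\n",
        "commented out": "<?php\n// define('JWT_AUTH_SECRET_KEY', 'x');\n",
        "fresh key": "<?php\n" + new_define_line() + "\n",
    }
    for name, text in configs.items():
        print(f"{name}: {audit_secret(text) or 'ok'}")
```

An empty findings list means the key is defined, is not the documented sample, and meets the 32-character length.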
JWT Expired Token
The mobile application uses JWT (JSON Web Token) to authenticate and authorize users in web applications and APIs. The token issued when a user logs in to the app has a limited lifetime. The default is 7 days from the user's login time.
Settings → Mobile → Authentication → JWT Expired Token
OTP
The app allows you to secure login with a one-time password (OTP). Traditional passwords are permanent and must be memorized. One-time passwords are unique and temporary for each session. This reduces the risk of exposure to malware and provides an additional layer of security for online access.
When the user logs in, registers, or forgets the password, the 6-digit number will be shown on the mobile screen, and you will receive the 6-digit number via email. OTP login is an optional feature.
Settings → Mobile → Authentication
- OTP Use: check the checkbox to enable it on the mobile app.
- OTP Code Expires: The time limit for OTP verification, in seconds. A code is usually valid for only 30 or 60 seconds.
- OTP Email Subject: The title of the email when the system sends the verification code.
- OTP Email Email: The content of the email when the system sends the verification code.
The OTP verification code is sent via email. Make sure your email system is working correctly. Please refer to the Email Settings.