Description
This free add-on for CoCart allows you to authenticate the Cart API via JSON Web Tokens as an authentication method.
★★★★★
An excellent plugin, which makes building a headless WooCommerce experience a breeze. Easy to use, nearly zero setup time. Harald Schneider
Key Features
- Standard JWT Authentication: Implements the industry-standard RFC 7519 for secure claims representation.
- Simple Endpoints: Offers clear endpoints for generating and validating tokens.
- Configurable Secret Key: Define your unique secret key via wp-config.php for secure token signing.
- Multiple signing algorithms: HS256, HS384, HS512, RS256, RS384, RS512, ES256, ES384, ES512, PS256, PS384, PS512
- Rate Limiting: Controlled specifically for refreshing and validating tokens.
- Helpful Debugging: Detailed logs of authentication issues to help figure out exactly what happened and fix it faster.
- WP-CLI Commands: Useful commands to handle tokens – whether you need to check, destroy or create new ones, or clean up old ones.
- Developer Hooks: Provides filters and hooks for more configuration to your requirements.
JSON Web Tokens are an open, industry standard method for representing claims securely between two parties.
For more information, read the core concept on what this plugin does and can do.
📄 Documentation
See the documentation on how to get set up, along with filters and hooks with examples to help configure JWT Authentication to your needs.
Once ready to use, see the quick start guide. There is also an advanced configuration for using RSA Keys.
★★★★★
Amazing Plugin. I’m using it to create a react-native app with WooCommerce as back-end. This plugin is a life-saver! Daniel Loureiro
👍 Add-ons to further enhance CoCart
We also have other add-ons that extend CoCart to enhance your headless store development.
- CoCart – CORS enables support for CORS to allow CoCart to work across multiple domains.
- CoCart – Rate Limiting enables the rate limiting feature.
These add-ons of course come with support too.
💜 Need Support?
We aim to provide regular support for the CoCart plugin via our Discord community server. Please understand that we do prioritize support for our paying customers.
⌨️ Join our growing community
On Discord, we have a community of developers, WordPress agencies, and shop owners building the fastest and best headless WooCommerce stores with CoCart.
Come and join our community
🐞 Bug reports
Bug reports for CoCart JWT Authentication are welcomed in the CoCart JWT Authentication repository on GitHub. Please note that GitHub is not a support forum, and that issues that aren’t properly qualified as bugs will be closed.
More information
- Website.
- Documentation
- Subscribe to updates
- Like, Follow and Star on Facebook, X/Twitter, Instagram and GitHub
💯 Credits
This plugin is developed and maintained by Sébastien Dumont.
Founder of CoCart Headless, LLC.
Installation
Minimum Requirements
- WordPress v5.6
- WooCommerce v7.0
- PHP v7.4
- CoCart v4.3
Recommended Requirements
- WordPress v6.0 or higher.
- WooCommerce v9.0 or higher.
- PHP v8.0 or higher.
Automatic installation
Automatic installation is the easiest option as WordPress handles the file transfers itself and you don’t need to leave your web browser. To do an automatic install of CoCart JWT Authentication, log in to your WordPress dashboard, navigate to the Plugins menu and click Add New.
In the search field type “CoCart JWT Authentication” and click Search Plugins. Once you’ve found the plugin you can view details about it such as the point release, rating and description. Most importantly of course, you can install it by simply clicking “Install Now”.
Manual installation
The manual installation method involves downloading the plugin and uploading it to your webserver via your favourite FTP application. The WordPress codex contains instructions on how to do this here.
Upgrading
Before you update “CoCart JWT Authentication”, it is recommended that you get familiar with what’s changed in the release.
CoCart JWT Authentication uses Semver practices. The summary of Semver versioning is as follows:
- MAJOR version when you make incompatible API changes.
- MINOR version when you add functionality in a backwards compatible manner.
- PATCH version when you make backwards compatible bug fixes.
You can read more about the details of Semver at semver.org
Frequently Asked Questions
What is CoCart?
CoCart is a developer-first REST API to decouple WooCommerce on the frontend and allow you to build modern storefronts with full control over auth, sessions, cart and product flows.
Will this work with WooCommerce REST API?
No! The WooCommerce REST API only uses its own API key system.
Can I use this with ordinary REST API endpoints?
No! This JWT Authentication was specifically designed for the CoCart API ONLY.
I’m getting fatal error of allowed memory exhausted – a 500 error response. Why?
This is possibly due to a plugin conflict, e.g. with Login Limit, where the token used failed many times and the IP address may have been blacklisted.
What algorithms does this plugin support?
It supports HS256, HS384, HS512, RS256, RS384, RS512, ES256, ES384, ES512, PS256, PS384, PS512.
How secure is CoCart JWT Authentication?
CoCart JWT authentication is very secure when implemented correctly. Make sure to use a strong secret key and keep it confidential.
How do I apply Rate Limiting?
Rate Limiting is only available with CoCart Plus.
Reviews
There are no reviews for this plugin.
Contributors & Developers
“CoCart JWT Authentication” is open source software. The following people have contributed to this plugin.
Contributors
Translate “CoCart JWT Authentication” into your language.
Interested in development?
Browse the code, check out the SVN repository, or subscribe to the development log by RSS.
Changelog
v3.0.2 – 21st March, 2026
Bug Fix
- Fixed an edge case where token creation time could return an incorrect value when a token was invalid.
- Fixed token ID generation failing if a collision was detected.
- Fixed refreshing a token failing when no refresh token was provided.
- Fixed tokens not being properly cleared when a user resets their password.
Compatible
- Tested with WooCommerce v10.6
v3.0.1 – 3rd December, 2025
What’s New?
- Dashboard: Added plugin action links.
Bug Fix
- Dashboard: WooCommerce System Status was not accessible.
Compatible
- Tested with WordPress v6.9
- Tested with WooCommerce v10.3
v3.0.0 – 20th September, 2025
📢 This update will invalidate previous tokens as they will no longer be valid.
With this update we have improved tracking of tokens to be dual-secured with a PAT (Personal Access Token) ID. This also makes sure users don’t get unnecessary new tokens when already authenticated, which gives proper token life cycle management and prevents token proliferation.
What’s New?
- Plugin: Refactored the plugin for better management and performance.
- Plugin: Added background database cleanup for legacy user meta data on plugin activation.
- REST-API: Users can now have multiple active token sessions, each tracked separately for different devices/browsers.
- REST-API: Refresh tokens are now properly linked to their corresponding JWT tokens.
- REST-API: Existing tokens are returned when authenticating with Bearer tokens (prevents token proliferation).
- WP-CLI: Creating a token now accepts the user ID, email or login. See documentation for updated command.
- WP-CLI: Added new destroy command to remove tokens for specific users with confirmation prompts.
- Dashboard: Added setup guide with secret key generator.
Bug Fix
- WP-CLI: Fixed loading of localization too early.
Improvements
- Plugin: Tokens will now log the last login timestamp. This is also part of the PAT (Personal Access Token).
- Plugin: Meta data is hidden from custom fields.
- REST-API: Authorization will fail if the user has no tokens in session.
- REST-API: Authorization will fail if the token is not found in session.
- REST-API: Token refresh now uses proper session rotation for enhanced security.
- WP-CLI: Listing user tokens will now list each token a user has. See documentation for updated command.
- WP-CLI: Now localized.
Developers
- Introduced new filter cocart_jwt_auth_max_user_tokens that sets the maximum number of tokens stored for a user.
- Introduced new action hook cocart_jwt_auth_authenticated that fires when a user is authenticated.
Compatibility
- Tested with CoCart v4.8
