Skip to main content

service.jwt.bearer

Vasyl MartyniukLess than 1 minute

Syntax

service.jwt.bearer = "string"

The default value: header,query_param,post_param,cookie

Definition

The comma separated list of locations to look for a JWT token. When JWT Tokens service is enabled, AAM uses the list of provided places to search for JWT token that can be used to authenticate the HTTP request. This entire functionality is automatically invoced when WordPress core triggers the determine_current_useropen in new window filter.

A JWT token can be passed as:

  • the part of HTTP headers. The common header name is Authorization, however, you can configure a custom header with service.jwt.header_name option.
  • HTTP query (aka GET) parameter. The expected query parameter name is aam-jwt, however, it can be customized with service.jwt.query_param_name option.
  • HTTP POST parameter. The expected parameter name is aam-jwt, however, it can be customized with service.jwt.post_param_name option.
  • HTTP cookie. The expected cookie name is aam_jwt_token, however, you can customize it with service.jwt.cookie_name option.
  • Custom bearer. When none of the above satisfy your requirements, you may use the aam_extract_jwt_filter filter to extract the token.

In the example configurations below, AAM will attempt to extract the JWT token only from HTTP headers and query param.

[aam]
service.jwt.bearer = "header,query_param"
Virtual Assistant