
JWT

Vasyl Martyniuk

Syntax

${JWT.<pathToProperty>}

Definition

The JWT marker lets access policies be administered based on JWT token claims. For details on AAM's JWT functionality, see the Managing JWT tokens for WordPress article.

Access to token claims is granted in two distinct scenarios:

  • When an HTTP request is dispatched to a WordPress RESTful API endpoint authenticated with a valid JWT token.
  • When a user is authenticated to the site via a passwordless URL containing a valid JWT token.

AAM automatically stores the last valid JWT token in the database as the user's meta value aam_auth_token.

In the example below, AAM generates a JWT token with the following claims:

{
  "iat": 1573608282,
  "iss": "https://demo.aamportal.com",
  "exp": 1573694682,
  "jti": "a9627546-5389-43d5-8519-080a89a00948",
  "userId": 673,
  "group": "contractor",
  "revocable": true,
  "refreshable": false
}

The policy below denies the ability to edit, delete, or publish any post if the group claim is either the contractor or freelancer string value.

{
  "Statement": [
    {
      "Effect": "deny",
      "Resource": "PostType:post:posts",
      "Action": [
        "Edit",
        "Delete",
        "Publish"
      ],
      "Condition": {
        "In": {
          "${JWT.group}": [
            "contractor",
            "freelancer"
          ]
        }
      }
    }
  ]
}
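
The following Python model is an added example, not AAM's own code: it resolves the ${JWT.group} marker against the example claims above and evaluates the policy's "In" condition. The function names, the dot-separated handling of nested paths, and the treatment of an absent claim as a non-match are assumptions of this model, and the token is assumed to have been validated already.

```python
import re

# Marker syntax from the page: ${JWT.<pathToProperty>}
MARKER = re.compile(r"^\$\{JWT\.([^}]+)\}$")
MISSING = object()  # sentinel: the path does not exist in the claims

# Claims and policy statement copied from the page; the token is assumed
# to have already passed signature and expiry validation.
CLAIMS = {"iat": 1573608282, "iss": "https://demo.aamportal.com",
          "exp": 1573694682, "jti": "a9627546-5389-43d5-8519-080a89a00948",
          "userId": 673, "group": "contractor",
          "revocable": True, "refreshable": False}
STATEMENT = {"Effect": "deny", "Resource": "PostType:post:posts",
             "Action": ["Edit", "Delete", "Publish"],
             "Condition": {"In": {"${JWT.group}": ["contractor", "freelancer"]}}}


def resolve_marker(marker, claims):
    """Return the claim addressed by a ${JWT.path} marker, or MISSING."""
    match = MARKER.match(marker)
    if not match:
        raise ValueError(f"not a JWT marker: {marker!r}")
    node = claims
    for key in match.group(1).split("."):  # assumption: dots walk nested claims
        if not isinstance(node, dict) or key not in node:
            return MISSING
        node = node[key]
    return node


def condition_matches(statement, claims):
    """True when every marker under "In" resolves to a listed value."""
    for marker, allowed in statement.get("Condition", {}).get("In", {}).items():
        value = resolve_marker(marker, claims)
        # Assumption of this model: an absent claim never matches.
        if value is MISSING or value not in allowed:
            return False
    return True


def is_denied(statement, claims, action):
    """Does this deny statement block the action? (Resource matching omitted.)"""
    return (statement["Effect"].lower() == "deny"
            and action in statement["Action"]
            and condition_matches(statement, claims))


if __name__ == "__main__":
    print(is_denied(STATEMENT, CLAIMS, "Edit"))  # group is contractor
    print(is_denied(STATEMENT, {**CLAIMS, "group": "employee"}, "Edit"))
```

Under this model a token that carries no group claim does not trigger the deny statement, so confirm how your installation treats absent claims before relying on a claim-based deny.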