JWT
Syntax
${JWT.<pathToProperty>}
Definition
The JWT marker lets access policies reference JWT token claims, so a policy can be conditioned on the values a token carries. For a comprehensive understanding of the AAM JWT functionality, consult the Managing JWT tokens for WordPress article.
Access to token claims is granted in two distinct scenarios:
- When an HTTP request is dispatched to a WordPress RESTful API endpoint authenticated with a valid JWT token.
- When a user is authenticated to the site via a passwordless URL containing a valid JWT token.
AAM automatically stores the last valid JWT token in the database as the user's meta value aam_auth_token.
In the following example, AAM generates a JWT token with these claims:
{
    "iat": 1573608282,
    "iss": "https://demo.aamportal.com",
    "exp": 1573694682,
    "jti": "a9627546-5389-43d5-8519-080a89a00948",
    "userId": 673,
    "group": "contractor",
    "revocable": true,
    "refreshable": false
}
The policy outlined below restricts the ability to manage any post if the group property contains either the contractor or freelancer string value.
{
    "Statement": [
        {
            "Effect": "deny",
            "Resource": "PostType:post:posts",
            "Action": [
                "Edit",
                "Delete",
                "Publish"
            ],
            "Condition": {
                "In": {
                    "${JWT.group}": [
                        "contractor",
                        "freelancer"
                    ]
                }
            }
        }
    ]
}
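As an added illustration (not AAM's code and not part of the original article), the Python model below shows the order of operations a ${JWT.<pathToProperty>} marker implies: verify the token first, then resolve the dotted path against its claims and evaluate the "In" condition. HS256, the demo secret, the helper names, and the choice to treat a missing or unverified claim as a non-match are assumptions; the page does not state how AAM signs tokens or handles absent claims.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-key"  # constructed value, not an AAM setting
CLAIMS = {"iat": 1573608282, "exp": 1573694682, "userId": 673, "group": "contractor"}
STATEMENT = {"Effect": "deny", "Condition": {
    "In": {"${JWT.group}": ["contractor", "freelancer"]}}}

def b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64d(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def mac(head, body):
    return hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()

def sign(claims):
    """Build a constructed HS256 token for the demo (assumed algorithm)."""
    head = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64e(json.dumps(claims).encode())
    return f"{head}.{body}.{b64e(mac(head, body))}"

def verified_claims(token, now):
    """Return the claims only if signature and exp are valid, else None."""
    try:
        head, body, sig = token.split(".")
        if not hmac.compare_digest(mac(head, body), b64d(sig)):
            return None
        claims = json.loads(b64d(body))
        return claims if claims["exp"] > now else None
    except (ValueError, TypeError, KeyError):
        return None

def resolve(marker, claims):
    """Walk the dotted path of ${JWT.<pathToProperty>}; None if absent."""
    if not (marker.startswith("${JWT.") and marker.endswith("}")):
        raise ValueError("not a JWT marker")
    node = claims
    for key in marker[len("${JWT."):-1].split("."):
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node

def deny_applies(statement, claims):
    """Evaluate the "In" condition; assumed False when no verified claims."""
    if claims is None:
        return False
    return all(resolve(m, claims) in allowed
               for m, allowed in statement["Condition"]["In"].items())
```

Under this model a deny statement keyed on a claim does not fire when the claim is absent or the token fails verification, so a policy that relies on it should be tested with tokens that lack the group claim as well as ones that carry it.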