readme.txt (+9 -16)
@@ -20,30 +20,23 @@ WordPress JSON Web Token Authentication allows you to do REST API authentication
20
20
21
21
## Upgrading to v3
22
22
23
-
[The latest version](https://github.com/usefulteam/jwt-auth/) of this plugin will soon be released on the WordPress.org plugin repo.
23
+
When updating from v2 to v3, familiarise yourself with its changes to ensure that your site continues to work as expected:
24
24
25
-
If you are updating from V2.x to V3.x you should familiarise yourself with the upcoming changes to ensure that your site continues to work as you expect it to.
26
-
27
-
There are two imoportant changes:
28
-
29
-
= Introduction of refresh tokens =
30
-
31
-
[See this section of the readme on GitHub](https://github.com/usefulteam/jwt-auth#refreshing-the-access-token)
- Default JWT expiry time will reduce from 7 days to 10 minutes.
36
-
- On expiry of a JWT, your client will need to manage getting a new token using the [refresh token process described here](https://github.com/usefulteam/jwt-auth#refreshing-the-access-token).
37
-
- If you would prefer to retain the 7 day expiry time initially or permanently, you can use the `jwt_auth_expire` hook as documented on this page to force the expiry time to remain at 7 days.
29
+
- Default JWT access token expiry time has been reduced from 7 days to 10 minutes.
30
+
- On expiry of a JWT, clients need to retrieve a new access token using the [refresh token as described here](https://github.com/usefulteam/jwt-auth#refreshing-the-access-token).
31
+
- To retain the 7 day expiry time, use the hook `jwt_auth_expire`.
38
32
39
-
= Removal of the URL whitelist and related filter =
33
+
= Removed Whitelist =
40
34
41
35
Key changes:
42
36
43
-
- Users of this plugin will no longer need to whitelist the REST paths from other plugins using the `jwt_auth_whitelist` as documented on this page.
44
-
- Instead, custom API routes should have the permissions requirement coded via the [permissions callback](https://developer.wordpress.org/rest-api/extending-the-rest-api/adding-custom-endpoints/#permissions-callback) of the REST API route when it is registered.
45
-
- This means that if a route requires authentication, any authentication method can be used and should reduce conflicts between this and other plugins.
46
-
- For further information please see [this discussion](https://github.com/usefulteam/jwt-auth/pull/60) on GitHub.
37
+
- You no longer need to whitelist REST paths from other plugins with the hook `jwt_auth_whitelist`. You can remove the hook.
38
+
- Instead, custom REST API routes should have access requirements specified with the [permissions callback](https://developer.wordpress.org/rest-api/extending-the-rest-api/adding-custom-endpoints/#permissions-callback) when it is registered.
39
+
- This means that if a route requires authentication, any authentication method can be used and this should reduce conflicts between this and other plugins. See [this discussion](https://github.com/usefulteam/jwt-auth/pull/60) for further information.
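Review bot: The bullets under "= Removed Whitelist =" tell upgraders they can remove the `jwt_auth_whitelist` hook and that custom routes "should" specify access requirements with a permissions callback, but they give no upgrade step for sites that already have custom routes. Suggest adding a bullet asking upgraders to review the `permission_callback` of each custom route before updating, since per this text the route's own callback is now where access is decided. Separately, the new expiry bullet ("To retain the 7 day expiry time, use the hook `jwt_auth_expire`.") drops the old "as documented on this page" pointer; keeping a reference to where the hook is documented would help, and it is worth stating next to it that the 10 minute default applies to the access token only, as the first bullet does.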