# Authentication The Version 4 comes with a JWT login system which means the authentication happens in a browser. Which means that when a page is loaded the WordPress is not aware of which user is accessing the page. Now, this means that the server will always render the page as a static and you will be able to host your sites 100% cached, or even static HTML pages. The benefit of using JWT tokens is huge both in terms of Loading speed and scalability. The WPLMS can work as a part of your site without impacting the overall site performance. That is *"**Do not convert your entire site into an LMS instead chose only a specific part of your site to work as LMS**"*. This is only possible if we migrate away from the WordPress cookie based authentication structure to a JWT based login system. ## Generating the Token The VibeBP plugin uses the function : `vibebp_generate_token($user)` for generating the token for the user. The $user is the a user object see below ``` { 'id' => //ID of the WordPress user 'username'=> // Login username of WordPress User 'slug'=> // User nicename of WordPress User 'email'=>// User email of WordPress User 'avatar'=> // User Photo URL of WordPress User 'displayname'=> // User Display Name of WordPress User 'roles'=> // WordPress user role, Accepts Array of roles [] 'caps'=> // WordPress user capability, Accepts Array of capabilities, edit_posts (instructors),manage_options(administrators), read (students) 'profile_link'=> //the Profile link } ``` There is further possibility to process the token using the filter and modify the user object stored in the token. For example, course data can be added to the token. However as JWT tokens are sometimes sent in request header, we recommend keeping the size to a limited less than 8kb. ## Expanding the Token In almost all addon / plugins that you will create you will be required to expand the JWT token sent in the API request. You can expand the JWT token can capture the User making the request. There are 2 ways to expand the token : 1. Use the VibeBP Filter on the Token: `$user = apply_filters('vibebp_api_get_user_from_token','',$body['token']);` 2. Use the `vibebp_expand_token($token)` function Both above ways are correct. See following code snippet from our Vibe Zoom addon for expanding the token : ``` register_rest_route( VIBE_ZOOM_API_NAMESPACE, '/user/meetings/recordings', array( 'methods' => 'POST', 'callback' => array( $this, 'get_meeting_recording' ), 'permission_callback' => array( $this, 'user_permissions_check' ), ) ); function user_permissions_check($request){ //Validate token send in Post request $body = json_decode($request->get_body(),true); if(!empty($body['token'])){ global $wpdb; $this->user = apply_filters('vibebp_api_get_user_from_token','',$body['token']); if(!empty($this->user)){ return true; } } return false; } function get_meetings($request){ global $wpdb,$bp; $args = json_decode($request->get_body(),true); $return = array( 'status'=>0, 'meetings'=>[] ); $meeting_args = array( 'post_type'=>'vibe_zoom', 'posts_per_page'=>20, 'paged'=>empty($args['page'])?'':$args['page'], 's'=>empty($args['s'])?'':$args['s'], 'orderby'=>empty($args['orderby'])?'none':$args['orderby'], 'order'=>empty($args['order'])?'':$args['order'], ); //Capture the USer ID from the token. $meeting_args['author']=$this->user->id; //Process using the user_id ``` The token also have an expiry value that the administrator sets in the WP admin - VibeBP - Settings - General. This token is also used in Amazon S3 uploads in S3 plugin, Vimeo Uploads in VideoVibe Plugin. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.wplms.io/developer-guide/authentication.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.