How the WPLMS Authentication works.
The Version 4 comes with a JWT login system which means the authentication happens in a browser. Which means that when a page is loaded the WordPress is not aware of which user is accessing the page. Now, this means that the server will always render the page as a static and you will be able to host your sites 100% cached, or even static HTML pages.
The benefit of using JWT tokens is huge both in terms of Loading speed and scalability. The WPLMS can work as a part of your site without impacting the overall site performance. That is "Do not convert your entire site into an LMS instead chose only a specific part of your site to work as LMS". This is only possible if we migrate away from the WordPress cookie based authentication structure to a JWT based login system.
The VibeBP plugin uses the function :
vibebp_generate_token($user)for generating the token for the user. The $user is the a user object see below
'id' => //ID of the WordPress user
'username'=> // Login username of WordPress User
'slug'=> // User nicename of WordPress User
'email'=>// User email of WordPress User
'avatar'=> // User Photo URL of WordPress User
'displayname'=> // User Display Name of WordPress User
'roles'=> // WordPress user role, Accepts Array of roles 
'caps'=> // WordPress user capability, Accepts Array of capabilities, edit_posts (instructors),manage_options(administrators), read (students)
'profile_link'=> //the Profile link
There is further possibility to process the token using the filter and modify the user object stored in the token. For example, course data can be added to the token. However as JWT tokens are sometimes sent in request header, we recommend keeping the size to a limited less than 8kb.
In almost all addon / plugins that you will create you will be required to expand the JWT token sent in the API request. You can expand the JWT token can capture the User making the request. There are 2 ways to expand the token :
- 1.Use the VibeBP Filter on the Token:
$user = apply_filters('vibebp_api_get_user_from_token','',$body['token']);
- 2.Use the
Both above ways are correct. See following code snippet from our Vibe Zoom addon for expanding the token :
register_rest_route( VIBE_ZOOM_API_NAMESPACE, '/user/meetings/recordings', array(
'methods' => 'POST',
'callback' => array( $this, 'get_meeting_recording' ),
'permission_callback' => array( $this, 'user_permissions_check' ),
//Validate token send in Post request
$body = json_decode($request->get_body(),true);
$this->user = apply_filters('vibebp_api_get_user_from_token','',$body['token']);
$args = json_decode($request->get_body(),true);
$return = array(
$meeting_args = array(
//Capture the USer ID from the token.
//Process using the user_id
The token also have an expiry value that the administrator sets in the WP admin - VibeBP - Settings - General.
This token is also used in Amazon S3 uploads in S3 plugin, Vimeo Uploads in VideoVibe Plugin.