Functionality
Firstly, you’ll need a good understanding of how JWTs (JSON Web Tokens) work. Here’s a handy guide on using them.
Let’s get down to it. Install the plugin from the WordPress plugin registry. The plugin uses the WordPress REST API to add new endpoints where you can create a token and validate it.
To make it work, add this to your root .htaccess file (the one sitting inside the WordPress directory):
RewriteEngine on
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1]
This will pass the authorization header to WordPress. You’ll also need to add this in your wp-config.php file:
define('JWT_AUTH_CORS_ENABLE', true);
Next, use a REST API tool such as Insomnia or Postman to test if it’s working. To do this, pass a username and password field as a POST request to <yoursitename>/wp-json/jwt-auth/v1/token. Here’s how I’ve done it.

That’s about it. Store the token locally in your application and pass it along with every request you make to the server. Read the documentation to learn more about passing data to the client, token expiry time, etc.
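The token flow described above, as an added example for Node.js that is not part of the original post or the plugin's own code. It assumes the endpoint returns JSON with a token field and that the token is sent back as "Authorization: Bearer <token>"; the site URL, credentials and the injectable fetchImpl parameter are placeholders introduced here.

```javascript
const TOKEN_PATH = '/wp-json/jwt-auth/v1/token'; // endpoint given in the post

// Read the claims of a compact JWT. This does NOT verify the signature;
// only the server, which holds the signing key, can do that.
function decodeClaims(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// True when the token has no numeric exp claim or expires within skewSeconds.
function isExpired(token, nowSeconds = Math.floor(Date.now() / 1000), skewSeconds = 30) {
  const { exp } = decodeClaims(token);
  return typeof exp !== 'number' || exp - skewSeconds <= nowSeconds;
}

// fetchImpl is injectable so the client can be exercised without a network.
function createClient(site, fetchImpl = fetch) {
  const base = new URL(site);
  // The password and the bearer token must never travel over plain HTTP.
  if (base.protocol !== 'https:') throw new Error('refusing non-HTTPS site');
  let token = null; // kept in memory only

  async function login(username, password) {
    const res = await fetchImpl(new URL(TOKEN_PATH, base).href, {
      method: 'POST',
      headers: { 'Content-Type': 'application/json' },
      body: JSON.stringify({ username, password }),
    });
    if (!res.ok) throw new Error(`login failed: HTTP ${res.status}`);
    // Assumption: the response body is JSON of the form { token: "<jwt>", ... }.
    const body = await res.json();
    decodeClaims(body.token); // reject a malformed token early
    token = body.token;
    return token;
  }

  // Assumption: the server expects the Bearer scheme. The .htaccess rule
  // above is what lets WordPress see this Authorization header.
  async function request(path, options = {}) {
    if (!token || isExpired(token)) throw new Error('no valid token; log in again');
    const headers = { ...options.headers, Authorization: `Bearer ${token}` };
    return fetchImpl(new URL(path, base).href, { ...options, headers });
  }

  return { login, request };
}
```

Checking exp on the client only decides when to log in again; the server still validates every token it receives.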