Need gatsby-source-wordpress to support jwt authentication

[ytwguru]

Summary

I would like the gatsby-source-wordpress to support jwt authentication

Basic example

If possible, the gatsby-config for the plugin will include the potential to authenticate with the token

auth: {
  // If jwt_token is filled, then the source plugin will be allowed
  // to access endpoints that are accessible with a valid token.
  jwt_token : ""
}

Motivation

We use the jwt-authentication-for-wp-rest-api plugin for a project, but the gatsby-source-wordpress plugin only supports .htaccess and wordpress authentication.

[KyleAMathews]

Sounds great! Could you add a PR?

[ytwguru]

Sure thing.

[sarahannnicholson]

Hey! This seems like a great feature! Just a little curious about the progress?

[ghost]

Since there doesn't seem to be any progress, I'll try to figure this one out. 🤓

[sarahannnicholson]

hmm quick question, how would one make a jwt authenticated request to wordpress?
I had a peek at the gatsby-source-wordpres docs and couldn't find an example.
I was hoping to see some queries in GraphQL?

[ghost]

The authentication and usage of the token happens automatically behind the scenes, so you don't need to explicitly do anything different when using JWT authentication.

[sarahannnicholson]

Behind the scenes? hmm.
I think I'm still missing something. From what I understand, jwt extends the WP REST API. And I'd like to get data from one of the extended endpoints: ie)
{wp-domain}/wp-json/wp/v2/alerts?status=draft
This jwt-authentication feature is great cause now we don't need to worry about getting a token. But how do I get data from the extended endpoints? I didn't notice any new queries in my GraphiQL, and if I make a fetch in JavaScript it gives me an error unless I explicitly set the token in the request header.

[ghost]

Is this comment relevant? #9509 (comment)

@watzing also one thing - this adds support for jwt authorization - but it doesn't change endpoints that this plugin use.

F.e. we grab posts using /wp-json/wp/v2/posts route (which even with authorization will only show published posts). To get also drafts we would need to use /wp-json/wp/v2/posts?status=any or /wp-json/wp/v2/posts?status=publish,future,draft,pending (not really that familiar with some available options that wp-json shows):

publish, future, draft, pending, private, trash, auto-draft, inherit, request-pending, request-confirmed, request-failed, request-completed, any

But right now wordpress plugin doesn't support applying filters like that - this would need to be implemented separately

[sarahannnicholson]

ahh okay, yes that is exactly what I was trying to do :P thanks so much for the clarification!