How to Authenticate Users in Flutter Using WordPress JWT


June 20, 2025

If you’re building a Flutter app powered by WordPress and you want users to log in, submit content, or access personalized data, you need a secure authentication method.

One of the most effective and widely adopted ways to do this is through JWT (JSON Web Token) authentication. It’s fast, stateless, and well-suited for mobile apps communicating with a REST API backend — such as WordPress.

In this article, we’ll walk through the conceptual workflow of authenticating users in Flutter using WordPress JWT.

What is JWT?

JWT (JSON Web Token) is a compact, self-contained token format used for securely transmitting information between parties. In this case, it allows a Flutter app to authenticate with your WordPress backend — and stay logged in for a defined session.

A JWT typically contains:

  • A header

  • A payload (user ID, email, expiration, etc.)

  • A signature (used to verify the token)

Why Use JWT with WordPress?

  • Stateless login: No need for server-side sessions

  • Mobile-friendly: Ideal for single-page apps and mobile clients

  • Lightweight & fast: Minimal overhead in each request

  • Token reuse: Keep users logged in until token expiration

Prerequisites

  1. WordPress REST API enabled (standard in WP 4.7+)

  2. JWT Authentication plugin installed and configured:

    • Recommended plugin: JWT Authentication for WP REST API

    • Set required headers and secret key in wp-config.php

Authentication Flow (High-Level Steps)

1. User Enters Credentials

In your Flutter app, show a login form that captures:

  • Username or email

  • Password

2. Flutter Sends Login Request

Flutter sends a POST request to:

/wp-json/jwt-auth/v1/token

with a JSON body like:

{
  "username": "user@example.com",
  "password": "yourpassword"
}

3. Receive JWT Token

If the credentials are correct, WordPress returns a token response:

{
  "token": "eyJ0eXAiOiJKV1QiLCJhbGci...",
  "user_email": "user@example.com",
  "user_display_name": "John Doe",
  "user_nicename": "johndoe"
}

4. Store the Token

Flutter stores the JWT locally (using secure storage or encrypted shared preferences). This token is used for future authenticated API requests.

5. Send Authenticated Requests

For all protected endpoints (e.g., posting, editing, viewing private data), include the token in the HTTP headers:

Authorization: Bearer <your-token-here>
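
The Dart code below is an added example, not code from the original article or from the plugin. It covers steps 3 to 5 on the client: reading the token out of the login response, checking its `exp` claim before reusing a stored token, and building the `Authorization` header. The function names, the sample token and its claim layout are constructed for illustration. The payload is only base64url-encoded, so the app can read it but cannot verify the signature.

```dart
import 'dart:convert';

/// Decodes the payload (second segment) of a JWT without verifying it.
/// Only the server holding the secret key can check the signature.
Map<String, dynamic> decodeJwtPayload(String token) {
  final parts = token.split('.');
  if (parts.length != 3) {
    throw const FormatException('expected header.payload.signature');
  }
  // normalize() restores the '=' padding that JWT segments omit.
  final json = utf8.decode(base64Url.decode(base64Url.normalize(parts[1])));
  final payload = jsonDecode(json);
  if (payload is! Map<String, dynamic>) {
    throw const FormatException('JWT payload is not a JSON object');
  }
  return payload;
}

/// True when `exp` is missing or the token expires within [skew] of [now].
bool isExpired(String token, DateTime now,
    {Duration skew = const Duration(seconds: 30)}) {
  final exp = decodeJwtPayload(token)['exp'];
  if (exp is! int) return true; // no usable expiry: force a fresh login
  final expiry = DateTime.fromMillisecondsSinceEpoch(exp * 1000, isUtc: true);
  return !now.toUtc().add(skew).isBefore(expiry);
}

/// Headers for step 5; send them over HTTPS only.
Map<String, String> authHeaders(String token) =>
    {'Authorization': 'Bearer $token'};

String segment(String json) =>
    base64Url.encode(utf8.encode(json)).replaceAll('=', '');

void main() {
  // Constructed, unsigned sample token; the claim layout is an assumption.
  final token = [
    segment('{"typ":"JWT","alg":"HS256"}'),
    segment('{"exp":1750500000,"data":{"user":{"id":"1"}}}'),
    'sig',
  ].join('.');
  // Constructed login response in the shape shown in step 3.
  final response = jsonDecode('{"token":"$token"}') as Map<String, dynamic>;
  final jwt = response['token'] as String;
  print(decodeJwtPayload(jwt)); // claims are readable by anyone with the token
  print(isExpired(jwt, DateTime.utc(2025, 6, 20)));
  print(isExpired(jwt, DateTime.utc(2025, 7, 1)));
  print(authHeaders(jwt).keys);
}
```

The expiry check only saves a round trip and drives the re-login prompt; the WordPress backend remains the authority on whether a token is valid.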