'
size='50' placeholder='client_abc123'>
Your JamAuth tenant client ID from app.jamauth.com
'
size='50'>
Default: https://app.jamauth.com
'
size='50'>
WordPress REST API endpoint for session validation (default: /wp-json/jamauth/v1/session)
app.jamauth.com', 'jamauth');
}
function jamauth_options_page() {
?>
JamAuth Settings
Usage Instructions
Use these shortcodes in your posts or pages:
[jamauth_gate]
[jamauth_protected]
Your premium content here
[/jamauth_protected]
Note: The gate must appear before protected content on the page.
';
}
/**
* Shortcode: [jamauth_protected]content[/jamauth_protected]
*/
add_shortcode('jamauth_protected', 'jamauth_protected_shortcode');
function jamauth_protected_shortcode($atts, $content = null) {
if (!$content) {
return '';
}
return '' .
do_shortcode($content) .
'
';
}
/**
* REST API endpoint for session validation
*/
add_action('rest_api_init', function() {
register_rest_route('jamauth/v1', '/session', array(
'methods' => 'GET',
'callback' => 'jamauth_validate_session',
'permission_callback' => '__return_true'
));
});
function jamauth_validate_session() {
$options = get_option('jamauth_settings');
$host = $options['host'] ?? 'https://app.jamauth.com';
// Forward cookies to JamAuth (server-to-server)
$cookie_header = $_SERVER['HTTP_COOKIE'] ?? '';
if (empty($cookie_header)) {
return new WP_REST_Response(
array('authenticated' => false),
401
);
}
// Call JamAuth refresh-session for validation
$response = wp_remote_post($host . '/.netlify/functions/refresh-session', array(
'headers' => array(
'Cookie' => $cookie_header,
'Content-Type' => 'application/json'
),
'timeout' => 10
));
if (is_wp_error($response)) {
// Fail closed on errors
return new WP_REST_Response(
array('authenticated' => false, 'error' => 'validation_failed'),
503
);
}
$status = wp_remote_retrieve_response_code($response);
if ($status === 200) {
$body = json_decode(wp_remote_retrieve_body($response), true);
return new WP_REST_Response(
array(
'authenticated' => true,
'email' => $body['email'] ?? null,
'client_id' => $body['client_id'] ?? null
),
200
);
}
return new WP_REST_Response(
array('authenticated' => false),
401
);
}