We’d like to support the WordPress preview functionality for both the decoupled and the embedded mode, so it the CMS experience remains the same.
We could use the Embedded mode to support the preview in the decoupled. We’d need a WordPress plugin for that. This was our first idea:
The JWT generated contains information in its payload about:
- The expiring time
- The post ID
The expiring time for the normal preview is 60 seconds, enough time to send the request to Frontity and Frontity send the request back to the REST API. After those 60 seconds it is not valid anymore.
A new token is generated for each request (each time the user clicks on the Preview button). That is because each time the expiring time changes, that means that the payload is different and the token is different.
The expering time for the publicly sharable link is infinite. That means that the token is always the same. To avoid having to save token in the database, just a post meta
"public-share" setting is saved. The non-expiring token is only valid if that post meta is true. Disabling the sharable link simply turns the
"public-share" meta to false.
The secret key used is a constant that the user needs to define in
PREVIEW_AUTH_KEY but it defaults to
SECURE_AUTH_KEY if missing.