Strapi jwt auth without users created not giving the role to the token

Hello, I am doing an authentication with wordpress json, which is all correct, then through a custom strapi component I am making again the wordpress token authentication to check if token is valid, and what role it has. What I need later is to create strapi jwt token with the correct role, the token is generated, but for some reason it comes without any role.

Here screenshots:

This topic has been created from a Discord post (1214576207446941786) to give it more visibility.
It will be on Read-Only mode here.
Join the conversation on Discord

This is the response from strapi,

the token below is the one that strapi gave me, when I try to use that token to fetch strapi products data, it gives unauthorized


“use strict”;

const fetch = require(“node-fetch”);

module.exports = {
async verifyToken(ctx) {
console.log(“verifyToken called”);
const { token } = ctx.request.body;

if (!token) {
  return ctx.badRequest("No token provided");

try {
  const wpResponse = await fetch(
      headers: {
        Authorization: `Bearer ${token}`,

  if (!wpResponse.ok) {
    throw new Error("Failed to fetch user data");

  const wpUserData = await wpResponse.json();
  console.log("WordPress User Data:", wpUserData);

  // Assuming roles are directly usable and match with Strapi's permissions system
  const strapiRoleName = wpUserData.acf.strapirole;
  console.log("strapiRoleName:", strapiRoleName);

  // Generate a JWT token with the role's permissions only
  const jwt = strapi.plugins["users-permissions"].services.jwt.issue({
    role: strapiRoleName,

  // Respond with the Strapi JWT token
  ctx.body = {
    status: "success",
    message: "Token verified",
    token: jwt, // This JWT is for API access, with only the role's permissions
    strapiRole: strapiRoleName,
} catch (error) {
  console.error("Error verifying token:", error);
  ctx.body = {
    status: "error",
    message: "Token verification failed",
    error: error.message,


the roles in strapi have the same ones in acf field, Admin, User and StoreManager

I created a strapi api key with full access and it works perfectly fetching the data with that, but when trying to fetch data with this auto generated token, i get unauthorized

Can anyone help me how to generate a strapi jwt token with the given roles? I don’t want to register users in strapi, as they are managed from wordpress end

The previous code works fine, in the meaning of I can execute it remotely, and it returns the info. What fails is the creation of the strapi jwt token with the right role

I presume that you need not only role but an actual user

Since auth is ctx.state.user

Try to create some bulk user and issue user and not role

Mmmm so create or find a user before?