SleekView for WPGraphQL JWT Authentication: users & tokens as tables
WPGraphQL JWT Authentication issues JWTs to WPGraphQL clients and stores per-user secrets and revocation flags in wp_usermeta. SleekView turns user accounts, token state, and refresh status into one queryable admin view.
♾️ Lifetime License available
See JWT-authenticated users without writing a custom admin
WPGraphQL JWT Authentication issues JSON Web Tokens to clients that authenticate against the WPGraphQL endpoint. The plugin stores a per-user secret and a revocation flag in wp_usermeta under keys like graphql_jwt_auth_secret and graphql_jwt_auth_secret_revoked, and any refresh-token state and last-login timestamps go through the same user meta layer. The default WordPress users screen has no idea any of this exists, which makes auditing JWT users awkward on busy headless sites.
SleekView reads wp_users together with the JWT-related wp_usermeta keys, so every user becomes a row with their graphql_jwt_auth_secret_revoked state, last-login timestamp, role, and registration date as proper columns. Filter on revoked users, by role, or by last-login age. Sort by recent activity. Inline edit the revocation flag, or rotate the user secret through the plugin's own functions when triaging compromised accounts.
Writes route through WordPress core (update_user_meta) and through WPGraphQL JWT's own helpers where appropriate, so any plugin or hook that listens for revocation or refresh events fires normally. Saved views per role give engineering and support each their own slice of the user table, with the columns and filters that match an incident response or onboarding workflow.
Workflow
From WPGraphQL JWT meta to one user table
Pick the users source
wp_users together with wp_usermeta for whichever JWT and activity meta keys you choose to surface.
Compose columns
Filter and group
Edit through core
update_user_meta and the plugin's helpers where appropriate. Hooks bound to revocation and refresh events fire normally.
Sample columns
A typical WPGraphQL JWT user view
graphql_jwt_auth_secret_revoked and last-login meta.
wp_users + wp_usermeta (graphql_jwt_auth_secret, graphql_jwt_auth_secret_revoked, refresh state)
| User | Role | Registered | Last login | Revoked | Status |
|---|---|---|---|---|---|
| alex@studio.co | Editor | Jan 12 | Apr 24 | No | Active |
| ria@design.io | Author | Feb 03 | Apr 18 | No | Idle |
| tom@hello.dev | Subscriber | Mar 05 | Apr 25 | Yes | Revoked |
| mia@brew.coop | Editor | Apr 01 | Apr 23 | No | Active |
Comparison
Default WP users screen vs SleekView
Default WP users screen
-
Default users screen has no notion of
graphql_jwt_auth_secret_revoked - Last-login meta isn't a sortable column
- Filtering revoked or idle users needs custom code or SQL
- Bulk-revoking JWT secrets after a leak means a CLI script
- No way to share a JWT-focused user table with engineering or support
SleekView
- Revocation state as a real column
- Last-login timestamps as a sortable column
- Filter on revoked, idle, or role-scoped users
-
Bulk update
graphql_jwt_auth_secret_revokedthrough the table - Saved views per role for engineering and support
Features
What SleekView gives you for WPGraphQL JWT Authentication
JWT meta as columns
graphql_jwt_auth_secret_revoked, refresh state, and last-login meta become first-class columns. Auditing JWT users stops being a SQL exercise.
Bulk revocation
Filter to a cohort (idle users, a specific role, a date range) and bulk-revoke JWT secrets in one operation. Writes route through update_user_meta so other plugins see consistent state.
Last-login visibility
Sort by last-login age to see idle accounts at the top. Useful for housekeeping, license audits, and identifying suspicious activity.
Audience
Who uses SleekView for WPGraphQL JWT
Security engineering
Audit JWT-authenticated users by last login and revocation state. Bulk-revoke compromised cohorts in one operation rather than running a WP-CLI loop.
Support teams
Triage account issues from one user table with role, registration date, and revocation state visible. Inline edits resolve common JWT problems without dropping to the CLI.
Platform engineering
Stop writing one-off SQL when a user's token misbehaves. SleekView surfaces the JWT meta and lets engineering operate on it the same way it operates on other user data.
The bigger picture
Why JWT-authenticated WordPress needs a real user table
WPGraphQL JWT Authentication is the default way to authenticate clients against a headless WordPress site, and it's quietly load-bearing for serious decoupled stacks. The plugin does the right thing on the auth side: per-user secrets, a revocation flag, and refresh-token support. What it doesn't do, and isn't really expected to do, is give administrators a clean view of who's using JWT, who's idle, and who's been revoked.
The default WordPress users screen has no concept of any of it. Teams end up writing WP-CLI scripts or one-off SQL whenever a token misbehaves. SleekView turns that audit job into a normal admin table.
Revocation flags, last-login timestamps, refresh state, and role are real columns. Bulk operations route through update_user_meta so hooks fire normally. Engineering and support each get a saved view tuned to their workflow, and the admin finally treats JWT users as the first-class objects they already are in the database.
Questions
Common questions about SleekView for WPGraphQL JWT Authentication
Yes. SleekView reads graphql_jwt_auth_secret, graphql_jwt_auth_secret_revoked, and any refresh-related meta from wp_usermeta. The columns can be added on demand so user tables stay narrow when JWT data isn't relevant.
Yes. Apply a filter (idle accounts, a role, a date range) and revoke selected users in one operation. Writes go through update_user_meta, so any plugin or hook that listens for the revocation flag fires normally.
Yes, if a last-login plugin or your own hook records the timestamp in wp_usermeta. SleekView can also be configured to log a timestamp on its own per role if you don't already track this.
Yes. WPGraphQL JWT's refresh token model writes through standard user meta and core hooks. SleekView surfaces refresh state as a column and lets you reset it inline where the plugin permits.
Custom claims are part of the token, not the database. SleekView reads the meta that backs the secret and revocation state; claim configuration stays in code. Once tokens are issued, the SleekView view reflects revocation immediately.
No. SleekView never shows the secret value itself. It exposes presence, age, and revocation state, which is what's actually useful for audits. The underlying secret stays in wp_usermeta exactly as the plugin stores it.
Yes. Any view exports to CSV from the table header with active filters and column order respected. The export reads from the same query the table is showing, useful for compliance and incident reports.
Yes. SleekView paginates against the same wp_users indexes WordPress uses, and the meta joins are scoped to chosen columns. Sites with hundreds of thousands of users stay fast because joins only target the JWT meta keys you've added.
Pricing
More than 1000+
happy customers
Explore our flexible licensing options tailored to your needs. Upgrade your license anytime to access more features, or opt for a lifetime license for ongoing value, including lifetime updates and lifetime support. Our hassle-free upgrade process ensures that our platform can grow with you, starting from whichever plan you choose.
Lifetime ♾️
Most popular
EUR
once
- Unlimited websites
- Lifetime updates
- Lifetime support
...or get the Bundle Deal
and save €250 🎁
The Bundle (unlimited sites)
Pay once, own it forever
Elevate your WordPress site with our exclusive plugin bundle that includes all of our premium plugins in one package. Enjoy lifetime updates and lifetime support. Save significantly compared to buying plugins individually.
What’s included
-
SleekAI
-
SleekByte
-
SleekMotion
-
SleekPixel
-
SleekRank
-
SleekView
€749
Continue to checkoutBrowse more
- Woocommerce Stripe Gateway
- Woocommerce Payments Stripe
- Edd Fes Frontend Submissions
- Woocommerce Postnord
- Wcfm Frontend Manager
- Woocommerce Amazon Pay Pro
- Woocommerce Realex
- Woocommerce Dpd Shipping
- Woocommerce Stock Notifier
- Woocommerce Distance Rate Shipping
- Woocommerce Shippo
- Woocommerce Attribute Swatches
- Wc Marketplace
- Wc Vendors Pro
- Wcfm Membership
- Buddypress Media
- Restrict User Access Pro
- Buddymeet
- Kartra Membership
- Paid Membership Pro Pro
- Wp Affiliate Manager
- Ultimatemember Real Time Notifications
- Simple Membership Pro
- Indeed Ultimate Member
- Wp Courseware Members
- Wp Affiliate Platform
- Memberful Wp
- Ultimate Membership Pro
- Content Control Cm
- Woocommerce Memberships