I'm creating a decoupled application: the frontend is built with React, the backend uses Wordpress. However, due to some limitations the login and registration frontend pages must use a Wordpress theme, so the user is redirected to the React app only after login.

In the React frontend, I need to assign the current user a JWT token so that they can make authenticated requests; so I have to set a JWT token when they log in from the Wordpress theme. Basically, I need to set the JWT token when I'm still in a PHP application.

I've read that you can do API requests in PHP with curl (which I've never used before), so my best bet right now is to hook into the wp_login action, and use the JWT Authentication plugin for Wordpress to make a request with curl to the endpoint that generates a token.

This solution feels a bit weird to me though. Can you think of a better one?