- allow cookies to be set upon authentication

- set one header instead of replacing all headers

Author: jasonbahl

src/Auth.php

@@ -370,10 +370,19 @@ public static function is_refresh_token() {
 	 */
 	protected static function authenticate_user( $username, $password ) {
 
-		/**
-		 * Try to authenticate the user with the passed credentials
-		 */
-		$user = wp_authenticate( sanitize_user( $username ), trim( $password ) );
+		if ( defined( 'GRAPHQL_JWT_AUTH_SET_COOKIES' ) && ! empty( GRAPHQL_JWT_AUTH_SET_COOKIES ) && GRAPHQL_JWT_AUTH_SET_COOKIES ) {
+			$credentials = [
+				'user_login'  => sanitize_user( $username ),
+				'user_password'  => trim( $password ),
+				'remember'  => false,
+			];
+
+			 // Try to authenticate the user with the passed credentials, log him in and set cookies
+			$user = wp_signon( $credentials, true );
+		} else {
+			 // Try to authenticate the user with the passed credentials
+			$user = wp_authenticate( sanitize_user( $username ), trim( $password ) );
+		}
 
 		/**
 		 * If the authentication fails return a error

src/ManageTokens.php

@@ -342,9 +342,7 @@ public static function add_auth_headers_to_rest_response( $response ) {
 		 *
 		 * Might need a patch to core to allow for individual filtering.
 		 */
-		$response->set_headers(
-			[ 'Access-Control-Expose-Headers' => 'X-WP-Total, X-WP-TotalPages, X-JWT-Refresh' ]
-		);
+		$response->header( 'Access-Control-Expose-Headers', 'X-WP-Total, X-WP-TotalPages, X-JWT-Refresh', true );
 
 		$refresh_token = null;
 
@@ -357,7 +355,7 @@ public static function add_auth_headers_to_rest_response( $response ) {
 		}
 
 		if ( $refresh_token ) {
-			$response->set_headers( [ 'X-JWT-Refresh' => $refresh_token ] );
+			$response->header( 'X-JWT-Refresh', $refresh_token, true );
 		}
 
 		return $response;