WordPress REST authentication for PWA with custom cookie

Integrating this class into your WordPress plugin provides custom REST endpoints for login (and logout) that use a dedicated authentication cookie, specifically designed for cross-domain authentication scenarios. The default wordpress_logged_in_{hash} cookie continues to be used for the WordPress admin area, so existing admin workflows remain unaffected.

This solution was developed after encountering an issue where the authentication cookie could not be set during a custom login process when working across different subdomains. Standard methods like wp_set_auth_cookie did not set the cookie on the frontend, and WP_Session_Tokens was returning an empty token.

By implementing a custom cookie and handling validation directly, this approach reliably enables authentication for REST API-based workflows across multiple domains or subdomains.

With this class, you can implement secure cross-domain authentication for your WordPress REST API endpoints using cookies and nonces, with no need for JWT tokens.
This method is especially useful for scenarios where you want to avoid the complexity of JWT token management and instead rely on WordPress’s built-in authentication mechanisms, making it straightforward to protect endpoints and use functions like get_current_user_id() in your permission callbacks.

For more in-depth details, read through the inline comments.
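
A minimal sketch of the pattern described above, added here as an example and not taken from the class itself: a login route issues a dedicated cookie scoped to the parent domain, and a determine_current_user filter validates it so get_current_user_id() works in permission callbacks. The cookie name, scheme, route namespace and the .example.com domain are assumptions; logout is omitted.

```php
<?php
// Added example, not the plugin's own code. All PWA_* names, the
// "pwa/v1" namespace and ".example.com" are hypothetical placeholders.
const PWA_COOKIE        = 'pwa_auth';
const PWA_SCHEME        = 'pwa_auth';     // own scheme: value is not a valid wordpress_logged_in_* cookie
const PWA_COOKIE_DOMAIN = '.example.com'; // parent domain shared by the site and the PWA

add_action( 'rest_api_init', function () {
    register_rest_route( 'pwa/v1', '/login', array(
        'methods'             => 'POST',
        'permission_callback' => '__return_true', // login must be reachable anonymously
        'callback'            => 'pwa_login',
    ) );
} );

function pwa_login( WP_REST_Request $request ) {
    $user = wp_authenticate(
        (string) $request->get_param( 'username' ),
        (string) $request->get_param( 'password' )
    );
    if ( is_wp_error( $user ) ) {
        // Same message for unknown user and wrong password.
        return new WP_Error( 'pwa_login_failed', 'Invalid credentials.', array( 'status' => 401 ) );
    }
    $expires = time() + DAY_IN_SECONDS;
    // HMAC-signed value bound to a server-side session token.
    $value = wp_generate_auth_cookie( $user->ID, $expires, PWA_SCHEME );
    setcookie( PWA_COOKIE, $value, array(
        'expires'  => $expires,
        'path'     => '/',
        'domain'   => PWA_COOKIE_DOMAIN,
        'secure'   => true,   // required by browsers when SameSite=None
        'httponly' => true,   // keep the cookie out of reach of page scripts
        'samesite' => 'None', // 'Lax' is enough if every origin is a subdomain of one site
    ) );
    wp_set_current_user( $user->ID );
    // Assumption: the client sends this back in the X-WP-Nonce header.
    return rest_ensure_response( array( 'nonce' => wp_create_nonce( 'wp_rest' ) ) );
}

// Resolve the user from the custom cookie when core has not already done so.
add_filter( 'determine_current_user', function ( $user_id ) {
    if ( $user_id || empty( $_COOKIE[ PWA_COOKIE ] ) ) {
        return $user_id;
    }
    // Checks expiry, HMAC and the stored session token.
    $valid = wp_validate_auth_cookie( (string) $_COOKIE[ PWA_COOKIE ], PWA_SCHEME );
    return $valid ? $valid : $user_id;
}, 30 );
```

Because the browser only sends this cookie on credentialed cross-origin requests, the REST responses also need a CORS policy that names the PWA origin explicitly rather than using a wildcard.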
