wp-graphql · jasonbahl · Feb 20, 2020 · Jul 19, 2019 · Feb 13, 2020 · Feb 13, 2020
diff --git a/README.md b/README.md
@@ -14,9 +14,9 @@ This plugin was initially based off the `wp-api-jwt-auth` plugin by Enrique Chav
 
 ## Install, Activate & Setup
 
-You can install and activate the plugin like any WordPress plugin. Download the .zip from Github and add to your plugins directory, then activate. 
+You can install and activate the plugin like any WordPress plugin. Download the .zip from Github and add to your plugins directory, then activate.
 
-JWT uses a Secret defined on the server to validate the signing of tokens. 
+JWT uses a Secret defined on the server to validate the signing of tokens.
 
 It's recommended that you use something like the WordPress Salt generator (https://api.wordpress.org/secret-key/1.1/salt/) to generate a Secret.
 
@@ -25,7 +25,7 @@ You can define a Secret like so:
 define( 'GRAPHQL_JWT_AUTH_SECRET_KEY', 'your-secret-token' );
 ```
 
-Or you can use the filter `graphql_jwt_auth_secret_key` to set a Secret like so: 
+Or you can use the filter `graphql_jwt_auth_secret_key` to set a Secret like so:
 
 ```
 add_filter( 'graphql_jwt_auth_secret_key', function() {
@@ -51,15 +51,19 @@ For NGINX, this may work: https://serverfault.com/questions/511206/nginx-forward
 
 ## How the plugin Works
 
-This plugin adds a new `login` mutation to the WPGraphQL Schema. 
+### Login User
 
-This can be used like so: 
+This plugin adds a new `login` mutation to the WPGraphQL Schema.
 
-```
+This can be used like so:
+
+**Input-Type:** `LoginUserInput!`
+
+```graphql
 mutation LoginUser {
   login( input: {
-    clientMutationId:"uniqueId"
-    username: "your_login"
+    clientMutationId: "uniqueId",
+    username: "your_login",
     password: "your password"
   } ) {
     authToken
@@ -71,13 +75,52 @@ mutation LoginUser {
 }
 ```
 
-The `authToken` that is received in response to the login mutation can then be stored in local storage (or similar) and 
-used in subsequent requests as an HTTP Authorization header to Authenticate the user prior to execution of the 
-GraphQL request. 
+The `authToken` that is received in response to the login mutation can then be stored in local storage (or similar) and
+used in subsequent requests as an HTTP Authorization header to Authenticate the user prior to execution of the
+GraphQL request.
 
 - **Set authorization header in Apollo Client**: https://www.apollographql.com/docs/react/networking/authentication/#header
 - **Set authorization header in Relay Modern**: https://relay.dev/docs/en/network-layer.html
 - **Set authorization header in Axios**: https://github.com/axios/axios#axioscreateconfig
 
+
+### Register User
+
+**Input-Type:** `RegisterUserInput!`
+
+```graphql
+mutation RegisterUser {
+  registerUser(
+    input: {
+        clientMutationId: "uniqueId",
+        username: "your_username",
+        password: "your_password",
+        email: "your_email"
+    }) {
+    user {
+      jwtAuthToken
+      jwtRefreshToken
+    }
+  }
+}
+```
+
+### Refresh Auth Token
+
+**Input-Type:** `RefreshJwtAuthTokenInput!`
+
+```graphql
+mutation RefreshAuthToken {
+  refreshJwtAuthToken(
+    input: {
+      clientMutationId: "uniqueId"
+      jwtRefreshToken: "your_refresh_token",
+  }) {
+    authToken
+  }
+}
+```
+
+
 ## Example using GraphiQL
 ![Example using GraphiQL](https://github.com/wp-graphql/wp-graphql-jwt-authentication/blob/master/img/jwt-auth-example.gif?raw=true)
diff --git a/src/Auth.php b/src/Auth.php
@@ -219,7 +219,7 @@ public static function get_user_jwt_secret( $user_id ) {
 		$capability = apply_filters( 'graphql_jwt_auth_edit_users_capability', 'edit_users', $user_id );
 
 		/**
-		 * If the request is not from the current_user AND the current_user doesn't have the proper capabilities, don't return the secret
+		 * If the request is not from the current_user or the current_user doesn't have the proper capabilities, don't return the secret
 		 */
 		$is_current_user = ( $user_id === get_current_user_id() ) ? true : false;
 		if ( ! $is_current_user && ! current_user_can( $capability ) ) {
@@ -320,7 +320,7 @@ public static function get_refresh_token( $user, $cap_check = true ) {
 		 */
 		add_filter( 'graphql_jwt_auth_token_before_sign', function( $token, \WP_User $user ) {
 			$secret = Auth::get_user_jwt_secret( $user->ID );
-			
+
 			if ( ! empty( $secret ) && ! is_wp_error( $secret ) && true === self::is_refresh_token() ) {
 
 				/**