add support for wp-api v2 #1
Comments
Thanks for reporting, will check the changes on v2 and try to release a new version depending on how mature it is (I want to avoid rework for BC issues due to changes between beta releases) |
Any update on this? |
@moneal not yet. The plugin is still in beta, and TBH I wasn't able to check what changed. If you can provide me some insights on what needs to be changed, I can push this release sooner (also PRs are always welcome). Thx |
I am checking this issue, and seems to be working fine to me. Versions:
Repro steps:
Possible issues:
|
@glena Thanks for the update and pointing out some possible issues. I updated my versions to match yours:
Special note for wordpress on godaddy hosting: I had to modify the .htaccess to prevent the removal of the Authorization header:
The following use cases work, but only for users who exist in auth0 and have also used auth0 to login directly to WP at least once:
For users who are registered in auth0, but who have not (and will not) login directly to WP, I receive the following text (but no exception is thrown). I'm not a php guy, so I hope you can decipher what's going on:
|
It should create the user if it does not exist, but it seems I messed it up :D It will be fixed in the next release, but in the meantime, can you change this line https://github.com/auth0/wp-auth0/blob/master/lib/WP_Auth0_UsersRepo.php#L37 for this:
|
@ddbaron |
@glena I've done some cursory testing with 2.2.1 and it appears to be working well. Thank you for the fix! |
I'm still getting a 401 response when requesting Using Login by Auth0 2.2.1 and Wordpress JWT Authentication 1.1.1 on WP 4.5.2 |
@moneal mmm weird. I will debug what the API is doing in this case, it should return the user info. I will try to make time for this. |
@glena I think I have it working. Here is my change:

```php
protected static function getAuthorizationHeader() {
    $authorization = false;
    if (function_exists('getallheaders')) {
        $headers = getallheaders();
        // Header names can arrive in either case, so check both spellings.
        if (isset($headers['Authorization'])) {
            $authorization = $headers['Authorization'];
        }
        if ( ! $authorization && isset($headers['authorization'])) {
            $authorization = $headers['authorization'];
        }
    }
    // Only reached when getallheaders() is unavailable.
    elseif (isset($_SERVER["Authorization"])) {
        $authorization = $_SERVER["Authorization"];
    }
    return $authorization;
}
```
|
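Added example, not part of the thread or of the plugin's code: a more defensive form of the header lookup discussed above, matching the header name case-insensitively and falling back to the CGI-style `$_SERVER` keys before parsing the Bearer token. The function names and sample values are hypothetical, and the token is a placeholder.

```php
<?php
// Added example; function names are hypothetical, not the plugin's API.

/** Return the raw Authorization header value, or null if PHP never saw one. */
function example_find_authorization_header(array $server, ?array $headers = null): ?string
{
    // getallheaders() is not available under every SAPI; callers may also inject a map.
    if ($headers === null && function_exists('getallheaders')) {
        $headers = getallheaders() ?: [];
    }
    // HTTP header names are case-insensitive, so compare them lower-cased.
    foreach ((array) $headers as $name => $value) {
        if (strtolower((string) $name) === 'authorization' && $value !== '') {
            return trim($value);
        }
    }
    // CGI-style fallbacks. The REDIRECT_ prefix is added by Apache when the
    // variable was set before an internal redirect (e.g. by a rewrite rule).
    foreach (['HTTP_AUTHORIZATION', 'REDIRECT_HTTP_AUTHORIZATION'] as $key) {
        if (!empty($server[$key])) {
            return trim($server[$key]);
        }
    }
    return null;
}

/** Extract the token from "Bearer <token>"; null for any other scheme. */
function example_bearer_token(?string $header): ?string
{
    if ($header !== null && preg_match('/^Bearer\s+(\S+)$/i', $header, $m)) {
        return $m[1];
    }
    return null;
}

// Constructed sample inputs; the token is a placeholder, not a real JWT.
$cases = [
    'lower-case header name'    => [[], ['authorization' => 'Bearer aaa.bbb.ccc']],
    'header only in $_SERVER'   => [['HTTP_AUTHORIZATION' => 'Bearer aaa.bbb.ccc'], []],
    'header stripped by server' => [[], ['Accept' => 'application/json']],
    'Basic scheme, not Bearer'  => [[], ['Authorization' => 'Basic xxxx']],
];
foreach ($cases as $label => [$server, $headers]) {
    $token = example_bearer_token(example_find_authorization_header($server, $headers));
    printf("%-26s => %s\n", $label, $token ?? '(no bearer token)');
}
```

When the third case is what a live site reports, the header is being dropped before PHP runs, which is a server configuration problem rather than something the plugin can recover from.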
@moneal I was having a similar issue with the /users/me endpoint, and I forgot to mention this earlier. Per this doc http://v2.wp-api.org/guide/problems/ that endpoint issues a redirect to the client. A redirect can cause the same authentication headers to be sent, but with different request data, causing the signature to fail. A workaround is to Envelope the request using NOTE: The request is enveloped so I had to pick out the 'data' element with the user info. Hope this helps. |
I am thinking of allowing the access_token to be sent in the query string or request body (maybe configurable in the plugin settings) to get rid of the apache issue with the authorization header. About this issue with |
The redirect thing has been talked about a lot from the REST team and I don't think they are going to change it. The ?_envelope parameter that @ddbaron posted works great. I actually just added that to my ionic app right before getting the notification :)
|
Hi @glena and @moneal, just wondering if based on the recent release of WordPress 4.7 with the Rest API in the core, no support for the Basic Auth plugin, and with the only options for authentication into the Rest API being suggested as cookies or OAuth 1.0, has the need for this plugin to support Rest API v2 been elevated or scheduled? Or is this considered a working feature and any issues related to the htaccess or other issues people mentioned above? If not, would you encourage the functionality be built into this plugin as a contribution? Thanks! |
Didn't have time to take a look at the WordPress 4.7 Rest API, but it is worth the effort to support it if it is possible. About Rest API v2, the plugin works well with Rest API v2, there are some weird issues but the guys worked them out. Anyway, PRs are always welcome :D |
@glena Thanks! OK, just wanted to understand where this stood. I may just be missing something in my implementation. Are you aware of any example code for making an API call via the node.js client library? Such as:
|
Hi @glena, Happy New Year! I was wondering if you had a chance to look at WordPress 4.7? Also, I'm wondering if you know of any example implementations or code snippets working with https://github.com/WP-API/node-wpapi/? Does anything look strange with my code above? Thanks! |
I think I figured out my issue but I'm not sure how to resolve it. I'm using passwordless authentication to generate an id_token, but there's no way for the plugin to match User Property "email" to JWT Attribute "sub". Is there? Thanks! |
Hi @akhanukov sorry for the delay. The only way to do that is programmatically using the |
Yup @glena, I think I came to the same conclusion this afternoon and am working on that now. Thanks! |
Hi @glena, since I have tried a couple of things and nothing has worked so far, can you please provide any more instruction? Do I need to copy the filter and function within the class into my theme's function.php file? Or simply call it via a filter, in which case, I tried both the one from the page you link to as well as on the WordPress plugin page and both give me errors. Pardon my ignorance but if you could guide me a little further, I've almost got this month long challenge squared away, :) Thanks! |
First, did you try to ask for the Also, in the plugin configuration you can configure the BTW, you should NOT parse the id_token since the format might change, that is an internal auth0 id and can change if we need to. Anyway, to do it programmatically, in your functions.php add this:

```php
add_filter( 'wp_jwt_auth_get_user', 'get_jwt_user', 10 );

function get_jwt_user( $jwt ) {
    global $wpdb;

    // An earlier filter may already have resolved the user.
    if ( $jwt instanceof WP_User ) return $jwt;

    // didn't test this line, take a look (BTW you shouldn't do that)
    list( $provider, $email ) = explode( '|', $jwt->sub );

    // The WordPress users table stores the address in user_email.
    $sql = 'SELECT u.*
            FROM ' . $wpdb->users . ' u
            WHERE u.user_email = %s';
    $userRow = $wpdb->get_row( $wpdb->prepare( $sql, $email ) );

    if ( is_null( $userRow ) ) {
        return null;
    } elseif ( $userRow instanceof WP_Error ) {
        // Plain function, so there is no class scope for self::; log instead.
        error_log( 'findAuth0User: ' . $userRow->get_error_message() );
        return null;
    }

    $user = new WP_User();
    $user->init( $userRow );
    return $user;
}
```

Finally, please don't mix stuff, this particular thing has nothing to do with the original issue (it is hard to follow up for other people looking for similar issues) |
@glena Thank you for your assistance. Yes, sorry about posting this here. Originally I thought I had the same issues as the users above. We can move it to another thread if you like or hopefully this or the next comment should solve it. I spent several hours after posting trying to implement this and while I called my function a little different, I was able to debug much of it via Postman. Yes, the place I left off was trying to get the email attribute into my jwt, figuring the ID was probably encoded or hashed. I've followed several tutorials or suggestions including https://auth0.com/docs/libraries/lock/v10/customization#connectionscopes-object-. However since my login process uses Passwordless authentication (though I do also use the main Auth0 WordPress and Lock for the WP front end), the only place I figured I could request that scope is via the Auth0 Plugin > Advanced Settings Tab > Extra Settings tab, or via a rule (cursory trial and failure so far). Is this correct, because this didn't add it to the jwt id_token? And since that tutorial references Lock 10, I have tried to toggle between Lock 9 (default in the plugin) and Use Lock 10, and when my id_token is generated, I still only see the 5 default attributes in the jwt.io Debugger. Which brings me to my authentication API code. I have been using the auth0-node package (https://github.com/auth0/node-auth0/) for which I want to submit a PR to address auth0/node-auth0#148, as I have manually added the As of 3am last night, I had added
At this point, my guess is that the auth0-node package function doesn't have the extra argument I'm trying to pass for scope, but I am just starting to debug again. Please let me know your thoughts, I know I'm one tweak from success. :) And please feel free to move this to another or new thread. I'm looking forward to blogging about how well this all works together, so thanks for your help!! |
Let's follow up in #5 |
resolved with: RewriteCond %{HTTP:Authorization} ^(.) in .htaccess |
@glena having issues getting this to work with v2 of the wp-api
The following WORKS:
The following does NOT WORK:
Issues:
http://<domain>/wp-json/wp/v2/users/me results in:
http://<domain>/wp-json/wp/v2/posts doesn't work. I've confirmed the Authorization:Bearer is there and correct:
Lastly, perhaps this will accelerate your understanding of the issue: Tmeister/wp-api-jwt-auth#6 (comment) --> seems to imply the cookie testing is overriding the JWT, at least for this plugin....