Clash with OAuth 2 plugin

[yannikmesserli]

When both OAuth 2 for WordPress and wp-api-jwt-auth are installed, wp-api-jwt-auth's endpoints get ruled by OAuth 2 for WordPress:

POST /wp-json/jwt-auth/v1/token/validate HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
Authorization: Bearer TOKEN
Connection: keep-alive
Content-Length: 0
Host: url
User-Agent: HTTPie/1.0.2

HTTP/1.1 403 Forbidden
Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages
Cache-Control: no-cache, must-revalidate, max-age=0
Content-Type: application/json; charset=UTF-8
Date: Wed, 06 Mar 2019 12:34:37 GMT
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Link: <url/wp-json/>; rel="https://api.w.org/"
Pragma: no-cache
Server: Apache
Transfer-Encoding: chunked
X-Content-Type-Options: nosniff
X-Content-Type-Options: nosniff
X-Port: port_10923
X-Robots-Tag: noindex
X-XSS-Protection: 1; mode=block

{
    "code": "oauth2.authentication.attempt_authentication.invalid_token",
    "data": {
        "status": 403,
        "token": "TOKEN"
    },
    "message": "Supplied token is invalid."
}

Would be good that one can use both plugin at the same time.

[Tmeister]

Why do you need two authentication providers?

[yannikmesserli]

Perso I don't need it, just came across this problem. However since OAuth2 and jwt achieve two different things, one could need both... e.g. jwt to login users on a js client app and OAuth2 to authenticate users on an app completely separated from wp.

If you think nobody has this need, then we can just close this ticket :-D