Tmeister / wp-api-jwt-auth

A simple plugin to add JSON Web Token (JWT) Authentication to WP REST API
GNU General Public License v2.0

Passing a valid token does not log the user #151

Closed yannikmesserli closed 1 year ago

yannikmesserli commented 5 years ago

If I pass a valid JWT token to a private URL of my WordPress install, wp-api-jwt-auth does not seem to set the user after validating the token:

Example using httpie:

> http POST http://my-url/wp-json/jwt-auth/v1/token/validate "Authorization: Bearer a-valid-token"
{
    "code": "jwt_auth_valid_token",
    "data": {
        "status": 200
    }
}

but then:

> http http://my-url/wp-json/wp/v2/users/me "Authorization: Bearer a-valid-token"
{
    "code": "rest_not_logged_in",
    "data": {
        "status": 401
    },
    "message": "You are not currently logged in."
}

User not set, despite it being stipulated otherwise in the wp-api-jwt-auth readme.

mtidei commented 5 years ago

I am experiencing exactly the same issue on a clean WordPress installation.

Plugin 1.2.6, WordPress 5.1.1

?rest_route=/jwt-auth/v1/token/validate works fine and even shows the right user id after adding some debug output:

{
    "code": "jwt_auth_valid_token",
    "data": {
        "status": 200,
        "user": {
            "user": {
                "id": "2"
            }
        }
    }
}

But /?rest_route=/wp/v2/posts with exactly the same token leads to

{
    "code": "rest_cannot_create",
    "message": "Sorry, you are not allowed to create posts as this user.0",
    "data": {
        "status": 401
    }
}

Added debug output shows the user id is 0 (calling get_current_user_id()).

mineralwassermedium commented 5 years ago

I had the same problem. But then I noticed that another plugin was causing this. In my case it was https://marketpress.de/shop/plugins/b2b-market/ Deactivating that plugin resolved the issue. Not sure what exactly causes the problem; I will look into it and will also contact the author of the plugin.

avks commented 5 years ago

I am having the same issue. Does anyone have a concrete solution to this?

mineralwassermedium commented 5 years ago

Do you have the issue on a clean install? Then it's probably a server configuration issue. Otherwise try deactivating all other plugins.

avks commented 5 years ago

Yes, it was a server misconfiguration. I forgot:

SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
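
A diagnostic for the server misconfiguration named in the last comment, as an added example that is not part of the thread or the plugin's own code: it reports which `$_SERVER` key, if any, still carries the `Authorization` header once the request reaches PHP, without printing the token. The function name `locate_authorization` and the sample arrays are constructed for illustration; `REDIRECT_HTTP_AUTHORIZATION` is the name Apache gives the variable after an internal redirect.

```php
<?php
// Added diagnostic, not code from wp-api-jwt-auth.
// locate_authorization() is a hypothetical helper name.

/**
 * Find where the Authorization header is visible to PHP.
 * $server:  a $_SERVER-style array.
 * $headers: a getallheaders()-style array (may be empty).
 * Returns the source key, the scheme seen, and the token length only.
 */
function locate_authorization(array $server, array $headers = []): array
{
    $candidates = [
        'HTTP_AUTHORIZATION'          => $server['HTTP_AUTHORIZATION'] ?? null,
        'REDIRECT_HTTP_AUTHORIZATION' => $server['REDIRECT_HTTP_AUTHORIZATION'] ?? null,
    ];
    // Header names are case-insensitive, so compare without regard to case.
    foreach ($headers as $name => $value) {
        if (strcasecmp((string) $name, 'Authorization') === 0) {
            $candidates['getallheaders()'] = $value;
        }
    }
    foreach ($candidates as $source => $value) {
        if (!is_string($value) || trim($value) === '') {
            continue;
        }
        // Accept only "Bearer <token>"; report the length, never the token.
        if (preg_match('/^Bearer\s+(\S+)$/i', trim($value), $m)) {
            return ['source' => $source, 'scheme' => 'Bearer', 'token_length' => strlen($m[1])];
        }
        return ['source' => $source, 'scheme' => 'other', 'token_length' => 0];
    }
    return ['source' => null, 'scheme' => null, 'token_length' => 0];
}

// Constructed $_SERVER samples: before the fix, after SetEnvIf, after a rewrite.
$samples = [
    'header never reaches PHP' => [['REQUEST_METHOD' => 'GET'], []],
    'SetEnvIf in place'        => [['HTTP_AUTHORIZATION' => 'Bearer a-valid-token'], []],
    'after internal redirect'  => [['REDIRECT_HTTP_AUTHORIZATION' => 'Bearer a-valid-token'], []],
];
foreach ($samples as $label => [$server, $headers]) {
    $r = locate_authorization($server, $headers);
    printf("%-26s source=%s scheme=%s token_length=%d\n",
        $label, $r['source'] ?? 'none', $r['scheme'] ?? 'none', $r['token_length']);
}
```

On a live site the same function can be called with `$_SERVER` and, where available, `getallheaders()`; a `source` of `none` for a request that was sent with a bearer token points at the web server configuration rather than at the token.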