WP-API / Basic-Auth

Basic Authentication handler for the JSON API, used for development and debugging purposes

401 Unauthorized response when using this plugin #53

Open d0kt0r1 opened 6 years ago

d0kt0r1 commented 6 years ago

Hello,

I am making this request with WordPress 4.9.4:

GET http://somehostname.com/index.php?rest_route=%2Fwp%2Fv2%2Fposts&per_page=100&page=2&context=edit HTTP/1.1
Host: somehostname.com
Authorization: Basic [****base64encoded username+":"+pass *******]
Accept-Encoding: gzip, deflate
User-Agent: [some user agent name]

And I get this response:

HTTP/1.1 401 Unauthorized
Date: Tue, 13 Feb 2018 14:26:12 GMT
Server: Apache
X-Powered-By: PHP/7.1.12
X-Robots-Tag: noindex
Link: <http://somehostname.com/wp-json/>; rel="https://api.w.org/"
X-Content-Type-Options: nosniff
Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages
Access-Control-Allow-Headers: Authorization, Content-Type
Vary: Accept-Encoding,User-Agent
Content-Length: 127
Content-Type: application/json; charset=UTF-8

{"code":"rest_forbidden_context","message":"Sorry, you are not allowed to edit posts in this post type.","data":{"status":401}}

BrianHenryIE commented 6 years ago

It looks like this plugin is working fine, i.e. the user is authenticated, but the user is not permitted to edit posts, i.e. not authorised.

Take a look at the code that (I think) is returning that message: https://github.com/WordPress/WordPress/blob/91464bce658541193a47886e0e5041c27f25851a/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php#L125-L141

Whatever user you're authenticating as doesn't have edit permission on any posts. You might just want to change your request to context=view, or elsewhere – via a plugin or functions.php – you can give them the capability.

d0kt0r1 commented 6 years ago

No. I got this fixed just now by doing as this comment is suggesting: https://github.com/WP-API/Basic-Auth/issues/35#issuecomment-244001216

Not sure if this fix has any side effects though?
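
A triage helper for captures like the one in this issue, added here as an example and not taken from the thread or from the plugin. WordPress core sets the status of this error with `rest_authorization_required_code()`, which returns 401 when no user is logged in and 403 when a user is logged in, so the status code separates an authentication failure from a missing capability. The function names, the sample credentials and the trimmed response are constructed for illustration.

```python
import base64
import binascii
import json

# Constructed inputs: the response mirrors the one quoted in the issue (headers
# trimmed); the credentials are made up.
SAMPLE_AUTH = "Basic " + base64.b64encode(b"editor:constructed-pass").decode()
SAMPLE_RESPONSE = (
    "HTTP/1.1 401 Unauthorized\r\n"
    "Content-Type: application/json; charset=UTF-8\r\n\r\n"
    '{"code":"rest_forbidden_context","message":"Sorry, you are not allowed '
    'to edit posts in this post type.","data":{"status":401}}'
)


def basic_header_is_well_formed(value):
    """True if value is 'Basic <base64 of user:pass>' with a non-empty user."""
    scheme, _, token = value.strip().partition(" ")
    if scheme.lower() != "basic":
        return False
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return False
    user, sep, _ = decoded.partition(":")
    return bool(user) and sep == ":"


def triage(raw_response, sent_auth_header):
    """Classify a WP REST error response (hypothetical helper, not WP code)."""
    head, _, body = raw_response.replace("\r\n", "\n").partition("\n\n")
    status = int(head.split()[1])
    try:
        data = json.loads(body)
    except ValueError:
        data = {}
    code = data.get("code", "") if isinstance(data, dict) else ""
    if status == 401 and not basic_header_is_well_formed(sent_auth_header):
        return "client: Authorization header is not valid Basic syntax"
    if status == 401:
        # Core answered as if nobody was logged in: the credentials were
        # rejected or the header never reached WordPress.
        return f"authentication: {code} returned to an anonymous request"
    if status == 403:
        # A user was logged in but lacks the capability the route checks.
        return f"authorization: {code} returned to a logged-in user"
    return f"other: HTTP {status} {code}".strip()


if __name__ == "__main__":
    print(triage(SAMPLE_RESPONSE, SAMPLE_AUTH))
```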