nicumicle / simple-jwt-login

This plugin allows you to log in, register, authenticate, delete and change the user password to a WordPress website using a JWT.
http://wordpress.org/plugins/simple-jwt-login/
GNU General Public License v3.0

bug: autologin expired token returns HTTP code 400 #102

Closed jamalnay closed 6 months ago

jamalnay commented 8 months ago

Bug Report

Plugin Version

Version 3.5.3

Bug description

In the autologin route, when the token is expired, the plugin returns a 400 HTTP code (Bad Request), while the expected code is 401 (Unauthorized). I am using an HTTP client that uses an Authenticator which expects 401 in order to execute a 'refresh token' operation.

nicumicle commented 8 months ago

Thanks for reporting this bug. I will provide a fix soon.

nicumicle commented 8 months ago

Hi @jamalnay,

I fixed this bug.

Now, for revoked tokens and for expired tokens, you will get 401 Unauthorized instead of 400 Bad Request.

< HTTP/1.1 401 Unauthorized
< Date: Sun, 10 Mar 2024 07:59:59 GMT
< Server: Apache/2.4.57 (Debian)
< X-Powered-By: PHP/8.2.15
< X-Robots-Tag: noindex
< Link: <http://localhost:88/index.php?rest_route=/>; rel="https://api.w.org/"
< X-Content-Type-Options: nosniff
< Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link
< Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type
< X-WP-DoingItWrong: wp_send_json (since 5.5.0; Return a WP_REST_Response or WP_Error object from your callback when using the REST API.)
< Content-Length: 67
< Content-Type: application/json; charset=UTF-8
< 
* Connection #0 to host localhost left intact
{"success":false,"data":{"message":"Expired token","errorCode":14}}

Please download the plugin from https://simplejwtlogin.com/ and test if it works OK for you.

jamalnay commented 8 months ago

Thanks. Before trying the new update, is there a way for me to export/import my configurations and settings, like the routes that are on, decryption key, auth key, etc.?

nicumicle commented 8 months ago

You have the option to use this plugin, available at: https://github.com/simple-jwt-login/export-import.

To export your settings, first install it on the "source" WordPress site and select "export".

Then, install the plugin on the "destination" WordPress site as well. Paste the exported settings there and select "import".

nicumicle commented 6 months ago

The fix has been deployed with 3.5.4.

I will close this issue.
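
The client-side handling this thread is about, as an added example (not code from the plugin or from anyone in the thread): it treats 401 as the refresh trigger, still accepts the 400 reported before 3.5.4 when the body carries errorCode 14, and retries only once. `send` and `refresh` are hypothetical caller-supplied hooks, and it is an assumption that the older 400 response carried the same JSON body.

```python
import json

EXPIRED_TOKEN_ERROR_CODE = 14  # errorCode in the "Expired token" body quoted in this thread


class ReauthRequired(Exception):
    """Refreshing did not produce an accepted token; a full login is needed."""


def needs_refresh(status, body):
    """Return True when the response means the JWT is no longer accepted."""
    if status == 401:  # behaviour after the fix: expired and revoked tokens
        return True
    if status != 400:
        return False
    # Assumption: before the fix the 400 response carried the same JSON body.
    try:
        data = json.loads(body).get("data")
    except (TypeError, ValueError, AttributeError):
        return False  # a malformed 400 is a genuine bad request
    return isinstance(data, dict) and data.get("errorCode") == EXPIRED_TOKEN_ERROR_CODE


def call_with_refresh(send, refresh, token):
    """Call send(token); on an expired/revoked token refresh once and retry.

    send(token) -> (status, body) and refresh(token) -> new token or None are
    hypothetical hooks supplied by the caller. One retry only, so a revoked
    token cannot drive an endless refresh loop.
    """
    status, body = send(token)
    if not needs_refresh(status, body):
        return status, body, token
    new_token = refresh(token)
    if not new_token:
        raise ReauthRequired("refresh was refused")
    status, body = send(new_token)
    if needs_refresh(status, body):
        raise ReauthRequired("refreshed token was rejected")
    return status, body, new_token


# Constructed sample: the response body shown in the thread.
SAMPLE_EXPIRED_BODY = '{"success":false,"data":{"message":"Expired token","errorCode":14}}'
```

A revoked token also produces 401, so the refresh attempt can fail; `ReauthRequired` is the signal to send the user back through a full login instead of retrying.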