search

nicumicle / simple-jwt-login

This plugin allows you to log in, register, authenticate, delete and change the user password to a WordPress website using a JWT.
http://wordpress.org/plugins/simple-jwt-login/
GNU General Public License v3.0
82 stars 22 forks source link

Cannot authenticate protected APIs with JWT #49

Open giricgoyal opened 2 years ago

giricgoyal commented 2 years ago

Bug Description

Not able to authenticate protected apis with jwt token. Receiving invald_username error. Using postman to create and test the workflow.

Configuration: General: general

Login: login

Authentication: Authentication

Steps to reproduce:

  1. Hit the Authentication api with paramters: 
    {
"email": "test1@gmail.com",
"password": "password",
"AUTH_KEY": "{{PASSPORT_API_KEY}}"
}
  2. Hit the posts api /wp-json/wp/v2/posts with Authorization Header and JWT token received from step 1 
    Authorization: "Bearer <JWT TOKEN>"

Received the error:

{
    "code": "invalid_username",
    "message": "<strong>Error</strong>: Unknown username. Check again or try your email address.",
    "data": null
}

Environment

Question Answer
WordPress version 6.0.1
Simple-JWT-Login plugin version 3.4.6
maxmadknight commented 4 months ago

Same here It seems like the JWT auth is triggering the "Default authentication filters" The file wp-includes/user.php function "wp_authenticate_username_password" which throws this error