wp-net / WordPressPCL

This is a portable library for consuimg the WordPress REST-API in (almost) any C# application
MIT License
344 stars 130 forks source link

JWT Auth by Useful Team changed Json answer #244

Open weselow opened 3 years ago

weselow commented 3 years ago

Looks like Useful Team's plugin "JWT Auth" changed json answer received during token generation. It returnes json object that can not be deserialized. The same result if this option is enabled:

WpClient.AuthMethod = AuthMethod.JWTAuth;

HTTP headers are enabled at hosting and wp-config properly modified.

How to reproduce:

  1. Install plugin
  2. Try to obtain token
  3. Try to get all users - you will receive only one as mentioned in wiki
  4. Or try to create new user - you will receive message that you are not allowed to do it even you generate token under admin user.

Solution was to make separate http post request to generate token, deserialize it and then set token manually:

client.SetJWToken(token);

P.S. Cool library 👍

ThomasPe commented 3 years ago

Interesting, I'll try to look into this in the coming days. The integration tests don't seem to fail though right now. Can you post the json response that you're getting (without a valid token)?

weselow commented 3 years ago

no problem by the way, i point out another interesting moment: it accepts only email as username parameter in post query, using wordpress-username calls false :)

Separate POST query returns:

raw string:

{"success":true,"statusCode":200,"code":"jwt_auth_valid_credential","message":"Credential is valid","data":{"token":"my-hard-received-token","id":1,"email":"webmaster@email.com","nicename":"my-username","firstName":"Sophie","lastName":"Hayes","displayName":"Sophie Hayes"}}

beautified string:

{
  "success": true,
  "statusCode": 200,
  "code": "jwt_auth_valid_credential",
  "message": "Credential is valid",
  "data": {
    "token": "my-hard-received-token",
    "id": 1,
    "email": "webmaster@email.com",
    "nicename": "my-username",
    "firstName": "Sophie",
    "lastName": "Hayes",
    "displayName": "Sophie Hayes"
  }
}

error string with username as username:

{"success":false,"statusCode":403,"code":"invalid_email","message":"Unknown email address. Check again or try your username.","data":[]}