Basic Authentication not working #2493
Comments
I had this problem, when I was using basic auth in a browser currently logged into the WP system. So in one tab I was logged in as admin and in the other, I was trying to send a post request using basic auth. If I am logged out and do my request, it worked. Maybe this helps.
Unfortunately that does not help. One more thing. The query to http://mywebsite.com/wp-json returns
Is it correct to have authentication section empty?
Albert, what I understood is that this change is made to limit modifications to logged-in users only.
Are you sure the Authorization header is successfully being passed into the request?
Yes, I can clearly see it there.
You could use the hook

```php
add_filter( 'rest_pre_dispatch', 'my_prefix_test_request_headers', 10, 3 );
// Debug only: short-circuit the request and return the headers the REST server received.
function my_prefix_test_request_headers( $result, $server, $request ) {
	$result = $request->get_headers();
	return $result;
}
```

I haven't tested myself, but I imagine that should work. Put that in a plugin or a functions.php file of an active theme for testing and then remove it when you are done. If the authorization header is not appearing in the returned array then somehow it is being stripped out of the request.
I tried this and could not find the "Authorization" header in the response. Indeed somebody strips the header out. Then I set the following in the .htaccess and magically basic authentication started to work.
Actually this is not a complete solution and is more of a workaround. From time to time WordPress overwrites .htaccess files and the changes are lost.
There could be a number of underlying reasons why the header is being stripped, but you would have to investigate why your server is doing that. Sometimes redirects on not properly formed URLs can make the Authorization header disappear before the redirect. Check your server's access logs and see what sort of activity happens when you make the request. Also try using this instead

I highly recommend you use OAuth as well, if you aren't just fiddling around with the API.
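The header check discussed above, as an added example that is not part of the thread or of WP-API's code: it reads the JSON returned by the `rest_pre_dispatch` test hook and reports whether an Authorization header reached PHP, whether it is usable Basic auth, and whether a logged-in session cookie came along with it. The function name, finding labels and sample dumps are constructed for illustration; it assumes the response body was saved as a JSON object of header names to values.

```python
import base64
import json


def triage_header_dump(dump_json):
    """Classify a JSON header dump returned by the rest_pre_dispatch test hook."""
    raw = json.loads(dump_json)
    # Assumption: keys may arrive as "authorization" or "Authorization", and
    # values as a string or a list of strings; normalise both forms.
    headers = {}
    for name, value in raw.items():
        if isinstance(value, list):
            value = ", ".join(str(v) for v in value)
        headers[name.lower().replace("-", "_")] = str(value)

    findings = []
    # A browser or client with an active wp-admin session sends this cookie.
    if "wordpress_logged_in_" in headers.get("cookie", ""):
        findings.append("login-cookie-present")

    auth = headers.get("authorization", "").strip()
    if not auth:
        # The client sent it, PHP never saw it: something in between dropped it.
        findings.append("authorization-missing")
        return findings
    scheme, _, token = auth.partition(" ")
    if scheme.lower() != "basic":
        findings.append("not-basic-scheme")
        return findings
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:  # covers bad base64 and bad UTF-8
        findings.append("basic-token-undecodable")
        return findings
    user, sep, password = decoded.partition(":")
    ok = bool(sep and user and password)
    findings.append("basic-credentials-present" if ok else "basic-credentials-malformed")
    return findings


# Constructed sample dumps (not taken from the thread).
STRIPPED_DUMP = '{"host": ["mywebsite.com"], "content_type": ["application/json"]}'
LOGGED_IN_DUMP = json.dumps({
    "authorization": ["Basic " + base64.b64encode(b"demo:constructed-pass").decode()],
    "cookie": ["wordpress_logged_in_abc123=demo"],
})

if __name__ == "__main__":
    print(triage_header_dump(STRIPPED_DUMP))
    print(triage_header_dump(LOGGED_IN_DUMP))
```

The function never returns the decoded credentials, so its output is safe to paste into an issue.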
Using OAuth1.a, can we skip the authorize screen (being client-owner)?
It's not possible to skip the authorisation process, no.
@rmccue Thanks! but I'm stuck in my use case which is..
If you control the site too, you can internally mark the application as pre-authorised, but you'd need to write custom code to do that. :) Any further questions should be posted on the OAuth1 tracker instead.
Thanks @websupporter! Logging out of wp-admin worked for me :) In Postman I'm using the 'Basic Authorization' and entered in my WP username and password. Am just playing around/performing a POST request and changing the title of post.
Hi everybody,
I'm trying to use basic authentication. I've downloaded, installed and activated the https://github.com/WP-API/Basic-Auth plugin. But whatever I tried, the API returns a "Sorry, you are not allowed to ..." error. I'm using Postman as a client and can see that it correctly set the "Authorization" header in the request.
For example, if I post here: http://mywebsite.com/wp-json/wp/v2/posts/
Body:
```json
{
  "title": "Hello Updated World!",
  "content_raw": "Howdy updated content.",
  "date": "2013-04-01T14:00:00+10:00"
}
```
The response is:
```json
{
  "code": "rest_cannot_create",
  "message": "Sorry, you are not allowed to create new posts.",
  "data": {
    "status": 401
  }
}
```
I'd appreciate some help here.
Thanks,
Ruben