Nobody can log in, when logging in you get an invalid username or password message and everybody got kicked out of the app as well.
Getting error message of
status error, error: unknown controller ‘core’
API Auth requests failing
Hi, when I updated the server to PHP 8.0 the api/auth/generate_auth_cookie/ stopped working and gave an error (the general one)
I have installed both of the plugins and followed the instructions but when I am trying the login API on Postman it is saying “Invalid username or password” but the username and password both are valid.
I am trying this URL: https://mywebsite.com/api/auth/generate_auth_cookie (POST)
and this is the response I am getting:
{
“status”: “error”,
“error”: “Invalid username and/or password.”
}
Thing is, it would be nice if we could set a custom var, or make a check, e.g. for a defined variable, like ALLOW_UNSECURE
or something?
Because if we just use the phrase insecure=cool
anyone can just put it inside their attack URL :/
The required plugin hasn’t been updated in 3 years, and hasn’t been tested past WP 4.3.18.
Looks abandoned by its author.
Please advise!
Hello
You wrote in your plugin details content.
For documentation: See ‘Other Notes’ tab above for usage examples.
We are unable to see this ‘Other Notes’ tab.
Please check this link: https://prntscr.com/jpd8or
Please provide a link for usage examples, or how we can test this API for logging in and authenticating the user with Postman.
Thank you.
I am using a job board theme. In my theme I installed the REST API plugin.
By using a URL I want to add a job,
for example
https://domain.com/api/get_nonce/?controller=user&method=create_job_post
but I can’t add a job to the theme.
I added a new controller “job” to do data manipulation methods for jobs, such as posting a job, to the JSON API plugin and added some functions to the plugin.
But it always shows an error such as,
{“status”:”error”,”error”:”You need to login with a user that has ‘edit_jobs’ capacity.”}
Can you help me?
Hi,
I have unfortunately no great experience in wordpress and the authentication methods. I would like to know whether the authentication on cookie has the same effect as the login on the wordpress front end.
My goal is to login a user from an external tomcat application in wordpress, because the blog function should be embedded in the tomcat application and the user should not log in twice.
Is this possible?
Greetings
Bernhard
The plugin doesn’t work for me. In my local apache server I have a subfolder… my wordpress website is located at https://localhost/wordpress/. I can’t have https.
If I use
curl -X GET \
'https://localhost:80/wordpress/api/auth/generate_auth_cookie/?nonce=ee9d27ba44&username=Catherine&password=password-here' \
-H 'cache-control: no-cache' \
-H 'postman-token: 75dbe4fd-602b-98e3-7568-fe40a1a245f4'
I receive:
{
"status": "error",
"error": "I'm sorry Dave. I'm afraid I can't do that. (use _https_ please)"
}
Do you have advice for me?
Thanks
Hi,
I’m using your plugin for user authentication in a mobile app.
I’m constantly getting this error.
How can I fix this? I already have a valid SSL on the site as shown in the picture.
Best Regards,
Leo
How can we deal with passwords with # in the URL for this to work?
I want to authenticate a user from my mobile (Android application) and need a nonce value, but I’m getting no response.
I have WordPress 4.6.1 installed; I tried both when logged in and without login.
I use the following URL for getting the nonce.
https://localhost/api/get_nonce/?controller=auth&method=generate_auth_cookie
I want to know how to use your end points for POST method with params to check user login
Here is a link of login form
https://wartiz.com/turba_research/login/
Hi,
First of all thanks for providing me such a great plugin. I am using this plugin for user authentication process. It provides the user authentication process based on cookie value and it works.
But my question is that when a user uninstalls my application from his/her mobile, all the cookie related data gets deleted from mobile.
After that, when the user re-installs the app, how can we authenticate an already registered user without a cookie?
Awaiting your helpful reply.
Thanks
I think this plugin will help me a lot, but to post or get, it needs the SSL check and I can’t finish that. How can I disable the SSL check so I can go on?
Hi,
with the recent update I am not able to create a post from the app,
I am using the create_post method which worked earlier but is now failing with this error
“Uncaught ReferenceError: postangular is not defined”
Hi all,
after update my wordpress I have this error when I try to log in with mobile version with json api auth, the error is this :
{“status”:”error”,”error”:”I’m sorry Dave. I’m afraid I can’t do that. (use _https_ please)”}
Can you help me to resolve it?
The short answer is NO this plugin is not safe, it leaks user-credentials on so many levels. Let me explain.
First of all, the current implementation works via GET, which is okay by me, except the username/password combo will be visible in your logfiles. Everybody who can access your web server’s logfiles will be able to read passwords, whether they want this or not.
Resolution? Use POST instead of GET
Second. Please, please, please enforce https when using this plugin. Or make users aware that even when using POST the password will still be visible in plaintext on the internet.
It’s 2016, playtime is over; secure this beauty please.
(if interested, I’ve patched all issues mentioned above, contact me if you want these revisions)
Hi
I am using create_post method but getting this error, I am using admin user to log in from my mobile app.
JSON_CALLBACK(
{
status: “error”,
error: “You need to login with a user that has ‘edit_posts’ capacity.”
}
)
I installed the plugin. I already have installed the JSON api plugin first which has been working fine. I’m trying to add authentication. I activated the plugin. Went to JSON api settings and activated “Auth” so it’s on now. When I go back to my /api/core/get_category_posts/ URLs again, they all continue to work. I thought that access would be denied unless authenticated with the cookie?
I cleared all cookies, tried in different browsers, purged my cache, tried from a mobile browser, etc. All the old JSON URLs still work without having to use any sort of authentication cookie. How is this enabled? Or am I missing something? Thanks!
After following the steps on the authentication instructional page, JSON API tells me I need to use a nonce with my posts (which your examples don’t suggest), and when I include the nonce along with the cookie Auth generated, it returns “Your ‘nonce’ value was incorrect. Use the ‘get_nonce’ API method.”
I’ve tried using both the nonce created by the get_nonce method and your authentication method, but neither works. They just say it’s incorrect and I can’t post.
To add some clarity: The first two steps in your directions seem to be working. I successfully created a nonce and then successfully created a cookie with that nonce, but then when I try to post it tells me a) I need a nonce and b) the nonce I provide is incorrect.
I appreciate the support!
I have the same problem that Unknown-auth-controller
The plugin is activated in JSON API (JSON API Auth).
If I disable this plugin and activate JSON API User, it works properly.
THX!!!!!!!!!
Hi there,
I’m getting this when I try and request a cookie with the nonce, username and password
{
"status": "error",
"error": "Unknown controller 'auth'."
}
This endpoint is working fine – https://localhost/api/get_nonce/?controller=auth&method=generate_auth_cookie
And then the request cookie one returns with that error - https://localhost/api/auth/generate_auth_cookie/?nonce=f4320f4a67&username=Catherine&password=password-here
Do you know what might be the issue?
Thanks!
Hello, I’m developing an HTML5 program that will run on the webpage and I want to use the API, so the user is logged in on the site so I just need a key for my program to use based on the current logged in user. I have created the following function and I felt I should share it. Of course it goes into the controller:
public function generate_auth_cookie_from_logged_user() {
    global $json_api;
    // Optional cookie lifetime in seconds, taken from the request.
    if ($json_api->query->seconds) $seconds = (int) $json_api->query->seconds;
    else $seconds = 1209600;//14 days
    // Relies on the browser's existing WordPress session; no password is checked here.
    $user = wp_get_current_user();
    if (0 == $user->ID) {
        $json_api->error("User not logged in.", 'error', '401');
        remove_action('wp_login_failed', $json_api->query->username);
    }
    $expiration = time() + apply_filters('auth_cookie_expiration', $seconds, $user->ID, true);
    $cookie = wp_generate_auth_cookie($user->ID, $expiration, 'logged_in');
    // Pull the avatar image URL out of the <img> tag that get_avatar() returns.
    preg_match('|src="(.+?)"|', get_avatar( $user->ID, 32 ), $avatar);
    return array(
        "cookie" => $cookie,
        "cookie_name" => LOGGED_IN_COOKIE,
        "user" => array(
            "id" => $user->ID,
            "username" => $user->user_login,
            "nicename" => $user->user_nicename,
            "email" => $user->user_email,
            "url" => $user->user_url,
            "registered" => $user->user_registered,
            "displayname" => $user->display_name,
            "firstname" => $user->user_firstname,
            "lastname" => $user->last_name,
            "nickname" => $user->nickname,
            "description" => $user->user_description,
            "capabilities" => $user->wp_capabilities,
            "avatar" => $avatar[1]
        ),
    );
}
Hi,
I’m looking for an “extend user profile plugin” which is compatible with JSON API Auth: are there any?
What I need to do is extend the user profile by adding additional fields and having them returned by the user info API; is this possible?
Thanks in advance
-Paul
Hi,
when trying to call a method: localhost/api/posts/update_post/ without being logged in to the system, I always get the error: “Post not found.”. When I log in to WP, then the call finds the correct post.
How do I use this method without logging in directly to the admin panel?
I have installed the JSON API Auth plugin, and generated the auth cookie, but what next? Can I now make this method (localhost/api/posts/update_post/) work?
Hi! I am using JSON Feed Reader in Android.
The ‘get_recent_posts’ and ‘get_posts’ methods work perfectly, but ‘create_post’, ‘update_post’ and ‘delete_post’ do not work.
error >
{“status”:”error”,”error”:”You must include a ‘nonce’ value to create posts. Use the get_nonce Core API method.”}
I think there must be some setting that I do not know. Can you help me? Thank you!
Hello everyone.
I’m working to make a mobile version of my website (based on WordPress) using the JSON API.
But I found an issue where I am not able to make a comment as a registered or logged-in user.
Maybe it is because I don’t have a sample.
Could someone help me or give me a sample?
Thanks in advance.
Hello there,
thank you for your work.
I am using the default AngularJS $http service in order to generate an auth cookie for user authentication. Here is my $http service:
$http({
method: 'POST',
url: api_url + 'auth/generate_auth_cookie/?nonce=' + data.nonce + '&username=' + username + '&password=' + password
}).
success(function(data, status, headers, config) {}).
error(function(data, status, headers, config) {});
This is working perfectly. My very important issue is the following one. When the password contains the # character, I am always receiving an invalid username/password combination message. Is it something in my end? Please note that this is happening only with this specific character in any position of the password.
I really appreciate your help.
Thanks again
George
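The two issues raised in the posts above (a `#` in the password breaking login, and credentials in the URL ending up in server logs) come from the same place: raw values concatenated into the query string. The following is an added example, not code from any poster or from the plugin. The host, nonce, username and password are constructed sample values, the function names are hypothetical, and whether the plugin reads credentials from a POST body is an assumption that depends on the installed version.

```javascript
// Added example. All hosts, names and credentials below are constructed.
const API_URL = 'https://example.test/api/';
const ENDPOINT = API_URL + 'auth/generate_auth_cookie/';

// Request URL built by plain string concatenation, as in the post above.
function naiveUrl(nonce, username, password) {
  return ENDPOINT + '?nonce=' + nonce +
    '&username=' + username + '&password=' + password;
}

// What reaches the server: everything from '#' onward is the URL fragment,
// which the client never sends, so the password arrives truncated.
function passwordSeenByServer(url) {
  return new URL(url).searchParams.get('password');
}

// Percent-encoding every value keeps '#', '&', '+' and '=' inside the
// parameter. The credentials are still part of the URL, so they still
// land in access logs.
function encodedUrl(nonce, username, password) {
  const query = new URLSearchParams({ nonce, username, password });
  return ENDPOINT + '?' + query.toString();
}

// Form-encoded POST body: same encoding, but the URL carries no secrets.
// The object has the shape of an AngularJS $http config (method/url/data).
function postRequest(nonce, username, password) {
  return {
    method: 'POST',
    url: ENDPOINT,
    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
    data: new URLSearchParams({ nonce, username, password }).toString(),
  };
}

const samplePassword = 'pa#ss&w+rd'; // constructed sample value
console.log(passwordSeenByServer(naiveUrl('abc', 'Catherine', samplePassword)));
console.log(passwordSeenByServer(encodedUrl('abc', 'Catherine', samplePassword)));
console.log(postRequest('abc', 'Catherine', samplePassword));
```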
I can’t seem to find a logout endpoint. Is one included?