Dear developer,
we are building a .dart application to pull user information from a WP site. We are using your JWT plugin, and it’s mostly working, except for a certain endpoint.
I have modified the .htaccess & wp-config.php files. I have worked with the server engineer (Cloudways) to rule out application level issues.
I can get the token via wp-json/jwt-auth/v1/token and I can validate it here wp-json/jwt-auth/v1/token/validate. But when I try to access wp-json/wp/v2/users/me or wp-json/wp/v2/users/{id}, I get a 403 forbidden error.
The server engineer recommended I reach out to see what the issue is.
Looking forward to your reply,

Hello, when I make a request the response carries this information:
{
"token": "example_token",
"user_email": "[email protected]",
"user_nicename": "example-pw",
"user_display_name": "example-user",
}
I need to add user_id as a variable included in the response. I have edited the file public/class-jwt-auth-public.php, at line #196.
I changed this code:
/** The token is signed, now create the object with no sensible user data to the client*/
$data = [
'token' => $token,
'user_email' => $user->data->user_email,
'user_nicename' => $user->data->user_nicename,
'user_display_name' => $user->data->display_name,
];
to this code:
/** The token is signed, now create the object with no sensible user data to the client*/
$data = [
'token' => $token,
'user_email' => $user->data->user_email,
'user_nicename' => $user->data->user_nicename,
'user_display_name' => $user->data->display_name,
'user_id' => $user->data->user_id,
'userId' => $user->data->id,
];
I have tried $user->data->user_id and $user->data->id, but the code didn’t work: the response comes back with NULL in user_id and userId.
This is the response:
{
"token": "example_token",
"user_email": "[email protected]",
"user_nicename": "example-pw",
"user_display_name": "example-user",
"user_id": null,
"userId": null,
}
Any help please?

Hi,
Why do I get this message:
{
"code": "rest_no_route",
"message": "No route was found that matches the URL and request method.",
"data": {
"status": 404
}
}
When I use the link:
https://domain.com/wp-json/jwt-auth/v1/token

Hi,
I use the Traveler Theme. I installed it according to the instructions, but I always get a connection error: Status Code Error: 401 when connecting with Make (Integromat)
base url: https://domain.com/wp-json/
API Key: copied from wp-config.php
How do I fix this?

Hi there champions
Is there any way I can import stock levels from my supplier's third-party API website?
Also, I want to create an order to the third-party site API when my order is updated to completed.
Is it possible with your plugin?
Steve

Hello,
I cannot get jwt token after I started using Divi Google Recaptcha plugin.
I am receiving the response below:
{
"code": "[jwt_auth] invalid_captcha",
"message": "<strong>Error:</strong> reCAPTCHA verification failed. Please try again.",
"data": {
"status": 403
}
}

Thank you for this plugin!
We have some custom post types that we need to be protected by authentication. We changed the REST namespace to be ‘jwt-auth/v1’, however, this does not require authentication and leaves the endpoint publicly available.
localhost/mysite/wp-json/jwt-auth/v1/scene
I have successfully used the /token/ and /token/validate/ endpoints, so I know the plugin is installed and configured properly.
Thank you very much for your help!

I am trying to log in using /wp-json/jwt-auth/v1/token in an Ionic Angular mobile application. It's working fine on the web, but I am getting an error after building the mobile application. What do I need to add?

Can we replace sanitize_url() with esc_url_raw in:
jwt-authentication-for-wp-rest-api/public/class-jwt-auth-public.php:220

Hello,
I am using JWT to connect a Java program to the website by calling WordPress REST services. Everything was working well with the JWT plugin; however, since the update to version 1.3.3, I am always getting this error: {"code":"jwt_auth_bad_config","message":"JWT is not configured properly, please contact the admin","data":{"status":403}}
I didn’t change anything in the JWT configuration, and all the steps described in the plugin page have already been done when the plugin was activated, so the configuration should be Ok.
Could you please help if you had a similar problem?
Thanks

Hi guys,
Thanks for the great plugin,
Is there a way to use 2FA with this plugin?
Thanks again
Assaf

The plugin page only shows an example for the Apache server, but I am using Nginx.
/wp-json/jwt-auth/v1/token works
but
/wp-json/jwt-auth/v1/token/validate gives me the following error:
{
"code": "jwt_auth_no_auth_header",
"message": "Authorization header not found.",
"data": {
"status": 403
}
}

I’m using JWT to authenticate users from my app, and everything works as expected…. except if the password contains a “ in it. This returns an error saying the username or password is incorrect.
Is there anything that can fix this other than having the user change their password?

My client is using JWT and Rippling to be able to create users based on their work account to the website we manage for them. We have created a custom role for them so they can only see certain parts of the site. When they make the connection they can only see these roles. They added them all as subscribers.
- administrator
- author
- contributor
- editor
- subscriber
Is there a way to have this software see the custom roles in addition to these roles that are already listed?

Hi
Here is the message on the page : https://365bibleversespdf.com/wp-json/jwt-a/vuth1/token
I don’t understand how to fix that.
Here is the htaccess:
# BEGIN WordPress
# The directives (lines) between "BEGIN WordPress" and "END WordPress" are
# dynamically generated, and should only be modified via WordPress filters.
# Any changes to the directives between these markers will be overwritten.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
# BEGIN LiteSpeed
# The directives (lines) between "BEGIN LiteSpeed" and "END LiteSpeed" are
# dynamically generated, and should only be modified via WordPress filters.
# Any changes to the directives between these markers will be overwritten.
<IfModule Litespeed>
SetEnv noabort 1
</IfModule>
# END LiteSpeed
# BEGIN enable-cors
# The directives (lines) between "BEGIN enable-cors" and "END enable-cors" are
# dynamically generated, and should only be modified via WordPress filters.
# Any changes to the directives between these markers will be overwritten.
<IfModule mod_headers.c>
<FilesMatch "\.(ttf|ttc|otf|eot|woff|font.css|css|woff2)$">
Header set Access-Control-Allow-Origin "*"
Header set Access-Control-Allow-Credentials "true"
</FilesMatch>
<FilesMatch "\.(avifs?|bmp|cur|gif|ico|jpe?g|jxl|a?png|svgz?|webp)$">
Header set Access-Control-Allow-Origin "*"
Header set Access-Control-Allow-Credentials "true"
</FilesMatch>
</IfModule>
# END enable-cors
and the wp-config
<?php
/**
* The base configuration for WordPress
*
* The wp-config.php creation script uses this file during the installation.
* You don't have to use the web site, you can copy this file to "wp-config.php"
* and fill in the values.
*
* This file contains the following configurations:
*
* * Database settings
* * Secret keys
* * Database table prefix
* * ABSPATH
*
* @link https://www.ads-software.com/documentation/article/editing-wp-config-php/
*
* @package WordPress
*/
// ** Database settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define( 'DB_NAME', 'vaem5994_wp157' );
/** Database username */
define( 'DB_USER', 'vaem5994_wp157' );
/** Database password */
define( 'DB_PASSWORD', 'q2p7S@@cm8' );
/** Database hostname */
define( 'DB_HOST', 'localhost' );
/** Database charset to use in creating database tables. */
define( 'DB_CHARSET', 'utf8mb4' );
/** The database collate type. Don't change this if in doubt. */
define( 'DB_COLLATE', '' );
define('JWT_AUTH_CORS_ENABLE', true);
/**#@+
* Authentication unique keys and salts.
*
* Change these to different unique phrases! You can generate these using
* the {@link https://api.www.ads-software.com/secret-key/1.1/salt/ www.ads-software.com secret-key service}.
*
* You can change these at any point in time to invalidate all existing cookies.
* This will force all users to have to log in again.
*
* @since 2.6.0
*/
define( 'AUTH_KEY', 'fai7rurglrgyuj62gkatqif7oyft7qubvl86pq6gpcsdizcpjiwdnzmdj7meezi8' );
define( 'SECURE_AUTH_KEY', '9xgeyyprpsyobybrjpmesjniczi6cngwu5kdvgalv6iycgaeywbnoqo8j0aukagc' );
define( 'LOGGED_IN_KEY', 'vdr40vlljnmpuev8gwgrnqtdff9qufftfdbcrpoz4yx5hdpawx4aozzbexswjc8c' );
define( 'NONCE_KEY', '1mfuxyxhatstjgqb9jznezpsp8dbzrbed8hrp2dtnpoawrlmklienlggtmd7gbhg' );
define( 'AUTH_SALT', 'mm4h9q3avvecxywpblcqwloyvuazwo3pavnd3xm4anrzndcuadwixw3rrlxtqbmq' );
define( 'SECURE_AUTH_SALT', 'zomjxstqb3pcc5g0aq0xon8tfnpqqtdsziavt4yjaxikxea1vaanrcxapqej9ydb' );
define( 'LOGGED_IN_SALT', '1xaudmi9zhg3xvmzfs9sjxtcrzere6cojxjomstix56g96wdk2njh6lxdrjpqowx' );
define( 'NONCE_SALT', 'dzc7hb0ins5xvwfitdfswfazw7npp68qqanunfimbr9rfxqfmg5yk4uxulfkwphf' );
define( 'JWT_AUTH_SECRET_KEY', '' );
/**#@-*/
/**
* WordPress database table prefix.
*
* You can have multiple installations in one database if you give each
* a unique prefix. Only numbers, letters, and underscores please!
*/
$table_prefix = 'wp1x_';
/**
* For developers: WordPress debugging mode.
*
* Change this to true to enable the display of notices during development.
* It is strongly recommended that plugin and theme developers use WP_DEBUG
* in their development environments.
*
* For information on other constants that can be used for debugging,
* visit the documentation.
*
* @link https://www.ads-software.com/documentation/article/debugging-in-wordpress/
*/
define( 'WP_DEBUG', false );
/* Add any custom values between this line and the "stop editing" line. */
/* That's all, stop editing! Happy publishing. */
/** Absolute path to the WordPress directory. */
if ( ! defined( 'ABSPATH' ) ) {
define( 'ABSPATH', __DIR__ . '/' );
}
/** Sets up WordPress vars and included files. */
require_once ABSPATH . 'wp-settings.php';
I don’t understand what is the problem… and how to get my own secret auth key

Hello,
Does this plugin work with a 2FA plugin, such as Wordfence Login Security or WP 2FA? It seems like these plugins either enforce the 2FA usage or do not allow the use of application passwords. Or, I may need to set up something for the JWT plugin. With Wordfence I’m asked to provide the 2FA code, and with the WP 2FA I’m getting: “Error: API login for user disabled.” Any help is appreciated.

I’m testing out JWT on a couple of my sites. Both sites return a token as expected when using postman.
My app can connect to one of the sites without any issues and returns a valid token. My other site returns:
{
"code": "jwt_auth_invalid_token",
"message": "Signature verification failed",
"data": {
"status": 403
}
}
Both sites are using Version 1.3.4.
What are my options to debug this issue? The only thing I’m doing is changing the url for the JWT endpoint.

Hello, thanks for the plugin.
After the latest update (Version 1.3.3) the WooCommerce app doesn’t work. It works when I deactivate this plugin. This is only with the latest version.

I have added the code for a 6-month expiry of the token, but it's expiring randomly and automatically; it happens frequently with the REST API. Please help!
Also, here is what I changed in the plugin files, as it was giving an error:
class Jwt_Auth_Public {
/**
* The ID of this plugin.
*
* @since 1.0.0
*
* @var string The ID of this plugin.
*/
private string $plugin_name; // GETTING ERROR
/**
* The version of this plugin.
*
* @since 1.0.0
*
* @var string The current version of this plugin.
*/
private string $version; // GETTING ERROR
/**
* The namespace to add to the api calls.
*
* @var string The namespace to add to the api call
*/
private string $namespace;

I have installed the WP plugin to update ACF fields via HTTPS, I’ve obtained the token and everything seems to be sent correctly into the record, however, the ACF fields on the records are not getting updated.
I’m sending the token as an authorization header (schema: bearer).
This is what I’m sending:
Headers:
{
"user-agent": "PostmanRuntime/7.29.2",
"wp_api": "True",
"version": "wc/v3",
"Authorization": "Bearer ",
"content-type": "application/json",
"accept": "application/json",
"accept-encoding": "gzip, deflate",
"content-length": 1788
}
Body:
{
"name": "HB123456",
"type": "simple",
"description": " ",
"short_description": "",
"status": "draft",
"regular_price": "10.00",
"acf": {
"item_status": "On Hold"
}
}
Can you provide an example of a POST/PUT request that shows the structure of the payload to update ACF fields?

Hi Team,
When I pass the token in Postman as a Bearer token to create a new post, it gives me the error below. I have tried several tokens and emails but get the same issue.
"code": "invalid_username",
"message": "The email address you entered does not exist.",
"data": null

Hi,
we used your plugin to develop our API for an app. We developed this API in a development environment and it works great!
When we go online, JWT Authentication does not completely work.
The token is correctly validated, but the current user is not retrieved and I don’t have a logged-in user ID.
On the development site we have WP version 5.9.7, while on the online site we use WP version 6.0.5. Could this be the problem?
Any other suggestions?
Please let me know if you need any other information to fix the problem.
Thank you!
Best Regards

Hello,
I am looking for a plugin which enables SSO for Azure on a headless WordPress setup. I was wondering if there are any add-ons for your plugin which enable this?
Thanks,

Hi, I want to change the “jwt_auth_expire” time and I used the code below to change the time:
add_filter('jwt_auth_expire', 'on_jwt_expire_token',10,1);
function on_jwt_expire_token($exp){
$days = 1;
$exp = time() + (86400 * 0);
return $exp;
}
but it’s not working, so how can I change the default token expiry time? Also, I want to expire a token forcefully, so how can I do this?
Thanks.

Dear Support Team, how can I change the error message “Words” for invalid password and invalid email or username?

Hi there, I am using the Plugin: JWT Authentication for WP REST API.
Now I migrated my website to another provider and it does not work any more. I get this message:
Undefined index: REDIRECT_HTTP_AUTHORIZATION in class-jwt-auth-public.php on line 225
What am I doing wrong? The website is using PHP 8.0.28
Thanks for a quick feedback and best regards
Frank

I switched to RS256 as stated in the description
JWT_AUTH_ALGORITHM
The jwt_auth_algorithm allows you to modify the signing algorithm.
I get errors:
<br />
<b>Warning</b>:  openssl_sign(): supplied key param cannot be coerced into a private key in <b>C:\scripts.uusr.tk\wp-content\plugins\jwt-authentication-for-wp-rest-api\includes\vendor\firebase\php-jwt\src\JWT.php</b> on line <b>237</b><br />
<br />
<b>Fatal error</b>:  Uncaught DomainException: OpenSSL unable to sign data in C:\OpenServer\domains\scripts.uusr.tk\wp-content\plugins\jwt-authentication-for-wp-rest-api\includes\vendor\firebase\php-jwt\src\JWT.php:239
Stack trace:
#0 \scripts.uusr.tk\wp-content\plugins\jwt-authentication-for-wp-rest-api\includes\vendor\firebase\php-jwt\src\JWT.php(202): Firebase\JWT\JWT::sign()
#1 \scripts.uusr.tk\wp-content\plugins\jwt-authentication-for-wp-rest-api\public\class-jwt-auth-public.php(172): Firebase\JWT\JWT::encode()
#2 \scripts.uusr.tk\wp-includes\rest-api\class-wp-rest-server.php(1181): Jwt_Auth_Public->generate_token()
#3 \scripts.uusr.tk\wp-includes\rest-api\class-wp-rest-server.php(1028): WP_REST_Server->respond_to_request()
#4 \scripts.uusr.tk\wp-includes\rest-api\class-wp-rest-server.php(442): WP_REST_Server->dispatch()
#5 \scripts.uusr.tk\wp-includes\rest-api.php(410): WP_REST_Server->serve_request( in <b>\scripts.uusr.tk\wp-content\plugins\jwt-authentication-for-wp-rest-api\includes\vendor\firebase\php-jwt\src\JWT.php</b> on line <b>239</b><br />

I am using this plugin, JWT Authentication for WP REST API, to authenticate users by Bearer token to protect my API routes. Users can generate tokens by their username and password. But I want to enforce users to use the Application password only to generate a token, and if they use their login password, the token route will return an error message.

Hi,
I fetch a JWT, then I send a GET request to a site belonging to a multisite network and I get the following error:
{"code":"jwt_auth_bad_iss","message":"The iss do not match with this server","data":{"status":403}}
How could I fix that?
Thank you,
Olivier
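
A way to check a token offline for the two failures reported in the posts above ("Signature verification failed" and "The iss do not match with this server"), as an added example that is not part of any post or of the plugin's code. It assumes HS256 signing with the site's JWT_AUTH_SECRET_KEY; the function names, URLs and secrets are constructed for illustration.

```python
import base64, hashlib, hmac, json, time

def b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sign(signing_input, secret):
    return hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()

def diagnose(token, secret, site_url, now=None):
    """Return findings for an HS256 token; an empty list means it checks out."""
    now = time.time() if now is None else now
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(head_b64))
        claims = json.loads(b64url_decode(body_b64))
        signature = b64url_decode(sig_b64)
    except ValueError:  # wrong number of parts, bad base64 or bad JSON
        return ["malformed token"]
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return ["malformed token"]
    findings = []
    if header.get("alg") != "HS256":
        findings.append(f"unexpected alg {header.get('alg')!r}")
    if not hmac.compare_digest(sign(f"{head_b64}.{body_b64}", secret), signature):
        findings.append("signature mismatch: signed with a different secret")
    if claims.get("iss") != site_url:
        findings.append(f"iss {claims.get('iss')!r} is not {site_url!r}")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        findings.append("token expired or exp missing")
    return findings

def make_token(claims, secret):
    """Build a constructed HS256 token so the example runs offline."""
    head = b64url_encode(json.dumps({"typ": "JWT", "alg": "HS256"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    signing_input = f"{head}.{body}"
    return f"{signing_input}.{b64url_encode(sign(signing_input, secret))}"

# Constructed sample: issued by site-a of a network, then presented to site-b.
SAMPLE = make_token({"iss": "https://example.test/site-a", "iat": 1700000000,
                     "exp": 1700604800, "data": {"user": {"id": 7}}}, "secret-a")

if __name__ == "__main__":
    for site, secret in [("https://example.test/site-a", "secret-a"),
                         ("https://example.test/site-b", "secret-b")]:
        print(site, diagnose(SAMPLE, secret, site, now=1700000100) or "ok")
```

Run it with the token your app received and each site's own secret and URL; a finding that appears for one site only points at what differs between them.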

I can't seem to get the validate token endpoint to work. I get the following error:
{
"code": "rest_no_route",
"message": "No route was found matching the URL and request method.",
"data": {
"status": 404
}
}
Anyone else get this and found a workaround?