Authentication with JWT?

Not sure… We’re using the “is_user_logged_in()” function, so if the JWT plugin provides authentication that works with this, then it should be ok.

I tested the plugin with JWT Authentication, this works fine for the core post_type.
But REST API Toolbox doesn’t work for custom post type
Could be a great improvement to enable Custom Post Type control too instead just core options.

[CORRECTION] It doesn’t work with JWT, my mistake…

• This reply was modified 7 years, 10 months ago by pesseba.

Custom post type support sounds like a good idea. I’ll take a look at adding support for that, and I’ll try to dig into the JWT source code to see what’s going on there with authentication.

I’m noob in PHP and WP framework but I’m trying to customize myself something. The custom post type endpoints I found a simple solution:

Just add this after $endpoints declaration:

$post_types = get_post_types();			
$endpoints = array_merge($endpoints,$post_types);

That’s run ok but it’s not perfect… you must add the ‘rest_base’ parameter insted post name.

For JWT I’m trying something, but my skills is limited…

I think the REST API must be limited by authentication and for user permissions too.

I’ve been working on custom post type support, will have it release in the next couple days: https://github.com/petenelson/wp-rest-api-toolbox/commits/feature/37-custom-post-types

After finally getting it working on my local server, I tested it out and it looks like it works correctly with JWT.

I set the posts endpoint to require authentication.

With a valid authorization token

Without a valid authorization token

I release the new version last night with custom post type support. Have you had a chance to give that a try yet?

Ow… I will try it. Nice!

Hi, I tested the new version of the plugin. I discovered what happend here…

In fact the JWT Authentication worked fine in my localhost. But when I save The Rest API Toolbox configurations, in WP panel, my .htaccess is refreshed without the JWT rewrite rules configuration… So Jwt stops working after that.

I don’t know why this happen. I found this link about: https://perishablepress.com/stop-wordpress-htaccess/

Our plugin does flush the rewrite rules when the page is saved. This is due to the ability to change the REST API prefix and the rules need to be flushed for any custom prefix to work.

I assume this is what’s getting removed when rewrite rules are flushed:
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule ^(.*) – [E=HTTP_AUTHORIZATION:%1]

Maybe try adding that rule outside of the # BEGIN WordPress and # END WordPress markers? Rewrite rules are also flushed when Settings > Permalinks are saved, so it would be good to exclude the authorization rule from that .htaccess block anyway.

Ok… no problems. Could be nice an advise in panel about this. For example, the permalinks checks if the .htaccess is read-only and display for user an advise with the new rewrite text for manually update.