Getting OTP via API

  • Resolved sassoleo

    (@sassoleo)


    2 years, 7 months ago

    Hello,

    I’m using WP REST API to authenticate and add posts in my WP site.
    Is there a way to get the OTP via API and use it to authenticate?
    If I dont disable the TFA plugin, I get the following error:
    {

    "code": "[jwt_auth] authentication_failed",
    "message": "<strong>Error:</strong> The one-time password (TFA code) you entered was incorrect.",
    "data": {
        "status": 403
    }
}

    Thanks,
    Leonardo

    • This topic was modified 2 years, 7 months ago by sassoleo.
Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author David Anderson / Team Updraft

    (@davidanderson)

    I don’t think I have enough information to be able to answer usefully. Presumably you are using some component that calls WordPress authentication hooks. Which component is that? The string jwt_auth is not found in WordPress core or the plugin, so is coming from something else which is performing the authentication. Are you sending your WP password on every REST request? The TFA plugin doesn’t have any REST API, but also itself doesn’t get involved in REST requests at all, hence I infer that some other non-WP-core component is involved and doing something – if you know what component that is, the best way forward would be to ask its author for more details about what it’s trying to do – it’s apparently calling hooks from the ordinary WP login page login flow, which it probably ought not to be doing.

    David

    Thread Starter sassoleo

    (@sassoleo)

    Hello,

    The plugin is called JWT Authentication for WP-API, it allows to get a token for WP API authentication. So there’s no need to send the password on each request, just the first one to get the token.

    The problem I have is that the TFA plugin doesn’t allow this, unless I deactivate it. This is not a malfunction of TFA, it’s supposed to work like that. My question is if thre is a way to make both plugins work at the same time.

    This is the link to the JWT plugin: https://www.ads-software.com/plugins/jwt-auth/

    Thanks,

    Plugin Author David Anderson / Team Updraft

    (@davidanderson)

    The JWT plugin is doing something wrong, because it is calling an action that invokes a fresh username/password check, specifically this hook, which as you see takes a username + password as input – https://developer.www.ads-software.com/reference/hooks/authenticate/ . So if the JWT plugin is only meant to be checking a non-username/password token, then it shouldn’t be calling that hook. So the best thing to do is to speak to its author to try to understand why it is doing that, as from what I understand of the issue, it shouldn’t be.

    David

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Getting OTP via API’ is closed to new replies.