• Resolved brianlmerritt

    (@brianlmerritt)


    Is there a sensible way to use oauth plugin or similar with a mobile app with oauth? The idea is each user will set up a secure connection to wp-json, send their login details, and once confirmed then the mobile app can use wp-json to update meta information pertaining only to themselves.

    I assumed oauth plugin would be the way to go, but when I set oauth callback to “oob” because I am on a mobile phone, I can’t pick up the verification code to continue.

    Thoughts or help appreciated!

    https://www.ads-software.com/plugins/json-rest-api/

Viewing 15 replies - 1 through 15 (of 24 total)
  • Thread Starter brianlmerritt

    (@brianlmerritt)

    Hmmm – or should I just be using cookie authentication for the mobile app? ??

    I have the same problem. Building a mobile app so not sure what to use. Setup Oauth1 but doesn’t work. Getting OAuth signature does not match

    Thread Starter brianlmerritt

    (@brianlmerritt)

    Have you tried OAuth Explorer

    https://sevengoslings.net/~fangel/oauth-explorer/

    It has a few weird quirks with JSON REST API, but works OK in stages:

    1. Enter base url (http(s)://your.domain.com/oauth1
    2. Access token = request
    3. Authorize = authorize
    4. Access_Token = access
    5. Enter your consumer key and secret (leave method as HMAC-SHA1)

    Now the fun begins!

    Click Get Request Token and you get Call content = “No Oauth parameters supplied” – no idea why, but…

    Copy the contents of “combined call (as GET)” into “CUSTOM API CALL” (delete any existing content) and press the “Call” button

    Call content now = oauth_token=xxxxxxxxxxxxxxx&oauth_token_secret=xxxxxxxxxxxxxxxxxxxxx&oauth_call_back_confirmed=true

    So – paste those manually into Request Token (oauth_token value goes into Request Key and oauth_token_secret value goes into Request Secret)

    Now click authorize

    Your browser gets redirected to the website “wp-login.php?action=…”

    You then have to authorize the token manually, and you get your verification token

    Go back to OAuth Explorer and click “Get Access Token” and enter the verifier code and click get access token.

    Of course that produces another “No Oauth parameters supplied, so you then paste Combined call as get back into custom api call.

    You then get your oauth_token and oauth_token_secret back.

    The OAuth doesn’t “appear” to be set up for mobile users, but there are other authentication methods:

    Cookie (but we can’t use as we are not in the domain, as far as I know)

    Basic Auth (keep sending the username and password with the request)

    Token (send the token – have not yet explored this in detail)

    Basic Auth and Token and OAuth all require plugins – have a look at them and you might find enough code to create your own plugin with a more sensible authorisation method.

    If your mobile app allows the user to create a new user ID then you need some way to give the app the ability to create the user via the API (or send the user to the website and tell them just create their own ID there)

    If the above helps at all great – at least you can test out your install.

    I am going to work on an auth plugin that requires basic auth the first time, and then passes a token which the token auth can use to identify the user (hopefully!!!)

    Only problem is that after this

    Copy the contents of “combined call (as GET)” into “CUSTOM API CALL” (delete any existing content) and press the “Call” button

    Im getting OAuth signature does not match

    This is where I’ve been stuck and no idea how to fix it.

    Thread Starter brianlmerritt

    (@brianlmerritt)

    Looks like the key/secret may not be set up correctly.

    Below shows you how to set up the keys via client-cli

    https://github.com/WP-API/client-cli

    The developers are fulling committed to 4.1 launch, so I don’t see us mortals getting support this side of Christmas ??

    Here is what I did so far, and maybe I missed a step:

    Installed the WP API plugin
    Installed the Oauth1 server https://github.com/WP-API/OAuth1

    I had the host install wp-cli on the server

    But when I run the $wp oauth1 add command, there is no output to show the key. So I used a plugin by someone in github that generates the keys with it.

    Question is: do I still need the client-cli installed?

    Thread Starter brianlmerritt

    (@brianlmerritt)

    ps – if the above instructions do work and you then get OAuth signature does not match on your own code then the problem is probably with the HMAC-SHA1. However, OAuth explorer should work once you have the right key and secret via WP CLI.

    I hope they come up with something better before release into 4.1. It is probably too much to hope that a better OAuth mechanism for mobiles is in place (or better documentation so I know what I am doing) ?

    Thread Starter brianlmerritt

    (@brianlmerritt)

    So at least you know what the problem is – you need to use wp cli to get the key and just need to fix that.

    Thread Starter brianlmerritt

    (@brianlmerritt)

    Since I couldn’t figure out how wp-cli worked on the server – it’s installed but doesn’t output the keys, someone pointed me out to this

    https://github.com/WP-API/OAuth1/issues/39#issuecomment-57620637

    So that plugin generates the keys, but hopefully the are the same ones

    Thread Starter brianlmerritt

    (@brianlmerritt)

    ps – are you/your host company changing directory to the actual wordpress root folder?

    cd /var/www/wordpress or whatever before running the wp command?

    I think they run the command at the root level, not in the wordpress folder. Should it be run in the index folder of the WordPress install?

    Thread Starter brianlmerritt

    (@brianlmerritt)

    That is what the instructions say…

    Just did and I’m getting the same thing when I run wp oauth1 add

    p?root@server1 [var/www/]

    but no output.

    This is crazy! ??

    So I got to the point to access.

    Missing OAuth parameter oauth_verifier

    Any ideas?

Viewing 15 replies - 1 through 15 (of 24 total)
  • The topic ‘JSON REST API from Mobile App with Authentication’ is closed to new replies.