Viewing 2 replies - 1 through 2 (of 2 total)
  • Moderator bcworkz

    (@bcworkz)

    My understanding is the various authentications send particular headers that can be used to recognize the auth method being attempted. Thus you could hook ‘rest_authentication_errors’ with an early priority that checks for the oAuth headers. If not present, return a new WP_Error object, otherwise return unchanged whatever was passed to your callback. If you hooked early enough, this should always be a null value.

    AFAIK only registered users can authorize a token through the oAuth plugin, so that part should be taken care of in any case.

    Sorry I can’t give a more definitive answer. Unless someone comes along with a better answer, it should at least give you a starting point.
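
Added example (not part of the thread or of any plugin's own code): one way to implement the `rest_authentication_errors` approach described in the reply above. It assumes OAuth 1.0a clients send an `Authorization: OAuth ...` header or `oauth_*` request parameters; the `example_*` names, error codes and route prefix check are hypothetical.

```php
<?php
// Added example: require OAuth 1.0a credentials for /wp/v2/posts.
// All example_* names and error codes are hypothetical.

// Priority 5 runs before the default 10, so $result is normally still null here.
add_filter( 'rest_authentication_errors', 'example_require_oauth1', 5 );

// True when the request carries OAuth 1.0a credentials (assumed transports:
// "Authorization: OAuth ..." header, or oauth_* query/body parameters).
function example_has_oauth1_credentials() {
	$header = '';
	foreach ( array( 'HTTP_AUTHORIZATION', 'REDIRECT_HTTP_AUTHORIZATION' ) as $key ) {
		if ( ! empty( $_SERVER[ $key ] ) ) {
			$header = trim( wp_unslash( $_SERVER[ $key ] ) );
			break;
		}
	}
	if ( 0 === stripos( $header, 'OAuth ' ) ) {
		return true;
	}
	return isset( $_REQUEST['oauth_consumer_key'], $_REQUEST['oauth_signature'] );
}

function example_require_oauth1( $result ) {
	// Another callback already decided (error or success): pass it through.
	if ( null !== $result ) {
		return $result;
	}
	// Only guard the posts routes; the requested route is in the rest_route query var.
	$route = isset( $GLOBALS['wp']->query_vars['rest_route'] )
		? (string) $GLOBALS['wp']->query_vars['rest_route'] : '';
	if ( 0 !== strpos( $route, '/wp/v2/posts' ) ) {
		return $result;
	}
	// The header only shows which method the client attempted, not that it succeeded.
	if ( ! example_has_oauth1_credentials() ) {
		return new WP_Error( 'example_oauth1_required',
			'This route requires OAuth 1.0a credentials.', array( 'status' => 401 ) );
	}
	// Assumption (as in the thread): signature checking is left to the OAuth plugin,
	// and a request it accepted has its associated user set as the current user.
	if ( ! is_user_logged_in() ) {
		return new WP_Error( 'example_oauth1_rejected',
			'OAuth credentials were not accepted.', array( 'status' => 403 ) );
	}
	return $result;
}
```

Returning a `WP_Error` from the filter lets the REST server build the error response itself, with the HTTP status taken from the `status` entry.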

    Thread Starter Deryck

    (@deryck)

    Thanks @bcworkz. In the meantime I tried a few things and made it work this way:

    
    add_action( 'rest_api_init', 'dygo_api_init' );
    
    function dygo_api_init() {
    	// If Oauth works, the App associated user is authenticated at this point.
    	if ( ! is_user_logged_in() ) {
    		$response = array( "code" => "user_no_access", "message" => "No access allowed, check Oauth", "status" => 403 );
    		// Send 403 as the HTTP status as well; otherwise it appears only in the JSON body.
    		// wp_send_json_error() terminates the request after sending the response.
    		wp_send_json_error( $response, 403 );
    	}
    }
    

    I always try to be as “respectful” as possible with the WordPress API, so I still have doubts about whether the process I’m using is correct.

    I will check your suggestion too and let you know.

    Regards,
    Deryck.

    • This reply was modified 7 years, 7 months ago by Deryck.
  • The topic ‘Make wp-json/wp/v2/posts only available through Oauth1 authentication’ is closed to new replies.