2f4u

Hi @dmchale

Sorry for not responding anymore. I did not have any luck using your plugin. I did however make some changes to the set of plugins and now use the REST API succesfully. I will try your plugin again someday ??

Thanks again for your patience and for helping me out.

Cheers

• This reply was modified 2 years, 11 months ago by 2f4u.

Got it working!

In the protect endpoints tab, I tested both options. Both are working. Thanks for that, because that’s what I was actually looking for!

To make it work I had to do the following. In the general settings tab both REQUEST and Header are set on, the other two are set off. And because the REQUEST option is set on, I also send the JWT token as a parameter with every request.

Without these settings, all requests fail to authenticate. I’m not sure if this is a bug really, or if you want the REQUEST to be set on when any of the other options are set on.

One of the things that I was worried about, is that the JWT was not set correctly. I checked that using the following endpoint

?rest_route=/simple-jwt-login/v1/auth/validate&JWT=YOUR JWT HERE

Thanks for working on this subject!
I’ve installed the plugin v3.4 and the ‘Protect endpoints’ tab looks great!

The issue that I’m facing now is that 403 errors are returned whenever an endpoint is called using the JWT token. I can’t seem to figure out what settings I need to use. I’m using WordPress 5.8.1 and a VueJS front-end to make requests to the WordPress REST API.

Here’s my JS code

var url = 'https://app.sandbox.wp/?rest_route=/simple-jwt-login/v1/auth;
var payload = this.user;

const request = new Request(
    url, {
    method: "POST",
    headers: {
        "Content-type": "application/json",
    },
    body: JSON.stringify(payload)
});
                
var response = await fetch(request);
response = await response.json();

This returns a JWT token which is then stored in localstorage.

With this JWT token, subsequent requests are done to get posts. Using the Authorization header
Authorization: Bearer + JWT token

And with JS code like:

let url = this.getApiUrl() + '/wp/v2/posts';

const request = new Request(
    url, {
    method: "GET",
    headers: {
        "Content-type":"application/json",
        "Authorization": "Bearer " + token,
    }
    });

let response = await fetch(request);
response = await response.json();

All endpoints respond with the 403 (forbidden) status code.

Am I missing something here? Is this not the correct workflow?

I’ve found some time to test with another JWT plugin. This learned me that CORS are not the issue here. The status code returned is 401 (not authenticated).

This is still the case for me whenever I’m using JWT for authentication. With both plugins I get the same results when the DRA plugin is activated. I’m authenticated as administrator, so all REST endpoints should be available. BUt somehow I get a 401 for everyone of them. I’m using the Bearer: token header for authentication.

Any ideas on why this would happen?

Thanks for your elaborate answer. It’s good to know what the logic is inside the DRA plugin. I guess I should have a good look at the JWT implementation and ask for support from their side.

Hi @dmchale ,

Thanks for getting back to me so quickly, I apreciate that a lot!

Yes, I tried disabling the Disable REST API plugin (obviously ;)) and all REST API’s give proper answers when doing that. For that reason I’m posting my question to your support area first.

To make sure the Disable REST API plugin is not the one giving me hard time let me ask you this. Is this plugin handling CORS in any way at all?

Cheers!

Hi @nicu_m

Did you ever find anything on the question from @niftythree ?

I’m running into the same issue but would love to use your plugin.

Cheers!