• Hello.

    Application password does not work for me with WordPress 6.4.1.
    I had a default installation, with twentytwentyfour theme and no plugins except default akismet and hello ones.
    I use php 8.0.25 and nginx 1.22.1 as webserver.

    I created an application password and used my admin username and the application password with the following query:
    curl -i -X POST -d '{ "title": "New Article Title", "content": "Your article content goes here.", "status": "draft" }' -H 'Content-Type: application/json' -u adminuser:application_pass https://domain.com/wp-json/wp/v2/posts/

    But got an error
    {"code":"incorrect_password","message":"<strong>Error:<\/strong> The password you entered for the username <strong>adminuser<\/strong> is incorrect.


    I found this thread https://ww.wp.xz.cn/support/topic/application-passwords-no-longer-authenticating/ and tried to downgrade WP to 6.3.1 – application password started to work, I created post successfully without changing access details, using same request.

    curl -i -X POST -d '{ "title": "New Article Title", "content": "Your article content goes here.", "status": "draft" }' -H 'Content-Type: application/json' -u adminuser:application_pass https://domain.com/wp-json/wp/v2/posts/
    HTTP/1.1 201 Created


    To check further, upgrading to 6.3.2 broke the application password again, so the change should be between 6.3.1 and 6.3.2, as written in the mentioned post.

    No server settings were changed, only the WP version. That’s why I think the issue is not directly server-side. However, it may be that WordPress core had some changes after 6.3.1 that require specific webserver or other settings that I am missing.

    Any help is appreciated. Thank you.

Viewing 4 replies - 1 through 4 (of 4 total)
  • Moderator bcworkz

    (@bcworkz)

    I’m not too familiar with cURL, but I think you’ll want to send user:password base64 encoded as a basic Authorization header. The following example uses wp_remote_post(), which in turn uses cURL within when available. This does work with the latest version of WP.

    $api_response = wp_remote_post( 'http://example.com/wp-json/wp/v2/posts', array(
        'headers' => array(
            'Authorization' => 'Basic ' . base64_encode( 'my-user:fx3r Jsdg puRd SkTI oSUE vJ6M' ), // not a real user or password
        ),
        'body' => array(
            'title'       => 'My test',
            'status'      => 'draft', // we do not want to publish it immediately
            'content'     => 'Sample post content',
            'categories'  => '4', // comma separated string of IDs
            'tags'        => '2, 29', // comma separated string of IDs
            'date'        => '2023-10-10T10:00:00', // YYYY-MM-DDTHH:MM:SS
            'excerpt'     => 'Read this test post',
            'slug'        => 'new-test-post',
            'post_type'   => 'post',
            'post_parent' => 0,
            // more body params are here:
            // developer.ww.wp.xz.cn/rest-api/reference/posts/#create-a-post
        ),
    ) );
    // handling of $api_response follows

  • Moderator threadi

    (@threadi)

    About curl: have a look at the example here: https://developers.miniorange.com/docs/rest-api-authentication/wordpress/basic-authentication – the secret is to send the base64-encoded authentication in the header.

  • Thread Starter masyia

    (@masyia)

    @threadi @bcworkz Thank you for the tips. I tried to use base64-encoded access details with the same result: the post is created with 6.3.1


    curl -i -X POST -d '{ "title": "New Article Title", "content": "Your article content goes here.", "status": "draft" }' -H 'Content-Type: application/json' -H "Authorization: Basic <base64encoded adminuser:password>." https://domain.com/wp-json/wp/v2/posts/
    HTTP/1.1 201 Created


    and got an error with 6.4.1

    curl -i -X POST -d '{ "title": "Third Article Title", "content": "Your article content goes here.", "status": "draft" }' -H 'Content-Type: application/json' -H "Authorization: Basic <base64encoded adminuser:password>." https://domain.com/wp-json/wp/v2/posts/
    {"code":"incorrect_password","message":"<strong>Error:<\/strong> The password you entered for the username <strong>adminuser<\/strong> is incorrect.,}

    Again, the user/application password did not change, so I’m sure they are correct. Server settings also did not change, meaning the server side is capable of accepting the authorization header both in base64 and not.

    I’m investigating further, trying to find any information if any specific headers should be added to php/nginx configs.

    If you have any further suggestions/advice I’d be grateful for any help.
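
Added example (not part of any reply in this thread, and not WordPress code): a shell sketch of how the Basic credential that `curl -u` sends is built, and how to sanity-check a hand-written `Authorization` header value before sending it. The function names and the sample credentials are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample credentials (not real): a user name and an application
# password in the space-separated form shown in the replies above.
SAMPLE_USER='adminuser'
SAMPLE_PASS='abcd EFGH 1234 ijkl MNOP 5678'

# Build the Basic credential: base64("user:pass"), which is what curl -u sends.
# printf '%s' avoids the trailing newline that `echo` would encode into it.
basic_token() {
    printf '%s:%s' "$1" "$2" | base64 | tr -d '\n'
}

# Decode a token and split at the FIRST colon (RFC 7617), so spaces or
# colons inside the password are preserved.
token_user() { printf '%s' "$1" | base64 -d | cut -d: -f1; }
token_pass() { printf '%s' "$1" | base64 -d | cut -d: -f2-; }

# Validate a header value: must be "Basic <base64>" and decode to user:pass.
# Prints a short status word; returns non-zero on any failure.
check_header() {
    value=$1
    case $value in
        'Basic '*) token=${value#Basic } ;;
        *) echo 'not-basic'; return 1 ;;
    esac
    # Reject characters outside the base64 alphabet (stray punctuation, spaces).
    case $token in
        ''|*[!A-Za-z0-9+/=]*) echo 'bad-token'; return 1 ;;
    esac
    decoded=$(printf '%s' "$token" | base64 -d 2>/dev/null) \
        || { echo 'bad-base64'; return 1; }
    case $decoded in
        *:*) echo 'ok' ;;
        *) echo 'no-colon'; return 1 ;;
    esac
}

# These two requests carry the same Authorization header:
#   curl -u "$SAMPLE_USER:$SAMPLE_PASS" https://domain.com/wp-json/wp/v2/posts/
#   curl -H "Authorization: Basic $(basic_token "$SAMPLE_USER" "$SAMPLE_PASS")" \
#        https://domain.com/wp-json/wp/v2/posts/
```

Because both forms produce an identical header, switching from `-u` to a manual base64 header changes nothing on the wire as long as the token passes `check_header`.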

    Hi there,

    Same problem: my curl request is not working with WordPress 6.4.2 but works when I downgrade to 6.3.1, for example.

    return: incorrect_password, code 500


The topic ‘Application password issue’ is closed to new replies.