Great π but I’m having problems updating to 3.0.2 through Composer / wpackagist. It’s visually installing 3.0.2, but seems like 3.0.1 is installed. Looking at the svn tag, it’s is still saying 3.0.1 in jwt-auth.php. Not sure if it’s an issue or a cache that needs to recreated π
https://plugins.svn.ww.wp.xz.cn/jwt-auth/tags/3.0.2/jwt-auth.php
-
This reply was modified 2 years ago by
oan.
Hello,
Thanks for that, yes, a couple of tweaks to be made to our automated deployment process from GitHub. I’ve updated that manually just now, so hopefully that resolves it for you.
Thanks,
@dominic_ks No worries. Thought the composer cache were messing with. Thanks for quick fix πͺ
Just edited my previous post to say I was being dumb and almost immediately after I posted my complain here, I understood what I was doing wrong. π
Great plugin, easy to use and to understand. Just had some confusion on how it should work now with the refresh token, maybe work a little bit the way the refresh token explanation is, although I can’t give you now any suggestion to improve it because my head is like a fried egg right now. Hehe
-
This reply was modified 2 years ago by
maidot.
Hey @maidot No problem, thanks for confirming you got it sorted!
@dominic_ks
I installed the fresh version in my local without doing any htaccess and wp-config setup.
It does mean that when I make a REST request it returns the REST response like a bad JWT config.
In my case, it returned the same REST response as before.
I debug the plugin and see that the JWT error variable defined under the auth class is not set.
I did this test on my Chrome browser in incognito mode on this URL: http://localhost/test-wordpress/index.php/wp-json/
Also, I have checked the other default WP routes working as before and not returning a JWT bad config error.
Please check this screenshot: https://tinyurl.com/22wez72d
Hi @alexrollin. Thanks for getting in touch, though I have to say I’m not sure what the issue is that you’re reporting here.
It does mean that when I make a REST request it returns the REST response like a bad JWT config.
In my case, it returned the same REST response as before.
Are you saying your issue is that it doesn’t return an error, and you are expecting it to? If this is the case, can you confirm if the routes you are testing require authentication?
One of the major changes in V3 is the removal of the whitelist. Previously, the auth header would have been checked for all routes unless they are whitelisted. Now, the auth header is only checked if the route requires an authenticated user.
@dominic_ks
Are you saying your issue is that it doesnβt return an error, and you are expecting it to?
Yes, previously it returns the error.
If this is the case, can you confirm if the routes you are testing require authentication?
How should I confirm the default WP routes require authentication?
One of the major changes in V3 is the removal of the whitelist. Previously, the auth header would have been checked for all routes unless they are whitelisted. Now, the auth header is only checked if the route requires an authenticated user.
Understood. Are you pointing to the route’s permission_callback? If yes, I need to find a different solution now.
Can you please elaborate a little bit more? or if you can provide an example that would be best.
I have created a plugin for my client that restricts the default WP APIs (and some custom routes) and allows access only if I whitelist the particular route.
Thanks
-
This reply was modified 1 year, 12 months ago by
alexrollin.
Hi @alexrollin,
Yes, I am indeed referring to the permission_callback param. I will give a couple of examples here, though I would also say that giving support for that specifically is not within the scope of this plugin, the plugin is here to provide a method of authentication only.
For custom routes, this is simple, just pass is_user_logged_in to the permission_callback:
<?php
add_action( 'rest_api_init', function () {
register_rest_route( 'myplugin/v1', '/author/(?P<id>\d+)', array(
'methods' => 'GET',
'callback' => 'my_awesome_func',
'permission_callback' => 'is_user_logged_in', // this will ensure only logged in users can access
) );
} );
As for the built in routes, I’ve not done this before, but found a couple of examples here you can try:
