I tried modifying my .htaccess file but the website does not work:
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ – [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
#RewriteRule .* – [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
Have you removed the # in the .htaccess file? Even though you are using the grant type user credentials (password), you must still pass the client_id and secret for the application in the header or the body as well.
Note: All grant types other than Auth Code is only for licensed users which is not covered here.
I have created a user of WordPress:
name: ‘maradona’ (with permission of the author)
password: ‘GD5xxx’
and I included in body (Postman)
grant_type: ‘password’
username: ‘maradona’
password: ‘xxxx’
see link
Then I created in OAuth Server> Clients> Add New Clients the client:
name: ‘maradona’
client_id: ‘w0PRPx’
secret: ‘rl7xx’
and I entered into the Postman Authorization tab:
Username: ‘w0PRPx’
Password: ‘rl7xx’
Then I run ‘Update Request’ and created me the key header.
see link
Finally I ran the ‘Send’ to make the POST and responded with the error ‘invalid_client’, error_description: “Clients were not found in the headers or body.”
In the .htaccess file I tried to insert ‘RewriteRule. * – [E = HTTP_AUTHORIZATION:% {HTTP: Authorization}]’ (uncommented) after RewriteBase, then even after RewriteCond and RewriteRule after, but does not work the layout and after I performed the ‘Send’ I have the same error.
Vincenzo
[please do not share credentials. It is very dangerous! ;)]
When you check the server status tab what doe the CGI line say?
Please not that there is a different between the following.
client_id is not the user name and the secret is not the password. When you pass the username and password field, use the users username and password.
pass client_id = client_id
client_secret = client_secret in the body as well if you would like.
it looks like you are mixing values.
Following the link
https://wp-oauth.com/kb/header-authorization-basic-may-not-work-expected/
I should:
… 3.Send client_id and client_secret post as a parameter in the body instead of using Basic Auth.
If (Postman) modify the Username and Password fields of the Authorization Tab (Type: Basic Auth), and instead of client_id and secret (client: ‘maradona’) insert username and password (user: ‘maradona’), after ‘send ‘I do not receive the token and gives me the same answer
“Error”: “invalid_client”
“Error_description”: “Client credentials were not found in the headers or body”
see link
http://chiptown.it/wp-content/uploads/2016/04/Schermata-2016-04-26-alle-10.20.06.png
If (Postman) modify the Username and Password fields of the Authorization Tab
If you server is running CGI then the auth headers are not being read by the server thus making the auth tab useless in postman.
Following the link
https://wp-oauth.com/kb/header-authorization-basic-may-not-work-expected/
I should:
… 3.Send client_id and client_secret post as a parameter in the body instead of using Basic Auth.
This is correct. You must also send the username and password as well.
I have added an export of user credentials for CGI servers at https://wp-oauth.com/kb/using-postman-and-wp-rest-api/. You can find the zip for download at the very bottom of the article under “Notes’
Wow! The problem is solved 🙂
i have modified my .htaccess file:
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ – [L]
RewriteCond %{HTTP:Authorization} .
RewriteRule .* – [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
I have deleted client_id and secret from the Postman Authorization tab,
and i have included into the keys of the body tab.
view link:
http://chiptown.it/wp-content/uploads/2016/04/ForJustinGreer.png
Thanks! 😀
Glad it is working for you know! Please let mew know if you need anything else.
Adding the string “Header always set Access-Control-Allow-Headers: Authorization” in the .htaccess file, now also reads the header! 😀
view link
My .htaccess file:
# BEGIN WordPress
<IfModule mod_rewrite.c>
Header always set Access-Control-Allow-Headers: Authorization
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ – [L]
RewriteCond %{HTTP:Authorization} .
RewriteRule .* – [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
