After some debugging it looks like WordPress is performing a logout when attempting to call the API with the access token since all the wp cookies are being expired. Any pointers as to why this could happen? I’ve also noted that though implicit flow is enabled, when attempting to use implicit flow I am redirected with no query string after an authorize. I’m using postman to test
I’ve been unable to reproduce this issue on a local fresh wp install.
Hi @wordpressnut1 and sorry for the issues. Most issues with undesired redirection tend to be due to another plugin being active that is designed to make a site private.
For example, there are known issues with under construction plugins, as well as plugins that require membership due to the fact that some use higher privileged actions that block all incoming connections rather than simply checking logic and blocking. It is also not uncommon for a theme to have this ability built into it.
My first recommendation would be to deactivate the theme and return to the default 2021 theme. Then do deactivate all the plugins but WP OAuth Server.
Try again and if it works, reactivate one plugin at a time until the issue comes back. This will allow you to see which plugin may be causing the issue. Then reactivate your normal theme.
Thanks for getting back to me! It looks like this is being caused by the WP w3all phpBB plug-in as the oauth plug-in works fine when this is deactivated. It’s a long shot but have you seen this before or can provide any tips on getting these two plugins to play nicely?
Well, that is good and bad news. I do not have any advice just yet because we have never seen this conflict before. Typically, when an issue arises with a plugin we add it to the list for the next version of development. This is where we have a closer look but we can’t promise anything.
I have added this conflict to the issue list.
No problem! I did some digging through the WP w3all plugin code and can see that it’s basically triggering a logout on requests which are missing the relevant phpBB cookies so not sure there’s much you can do about that on your end unless there’s a way of controlling the execution order and intercepting the request before it hits that plug-in. For now I’ve just customised that plug-in to whitelist the oauth and WP API endpoints.
Thanks for your advice and assisting with getting this resolved
