Title: Rest api error invalid_username
Last modified: July 2, 2024
---
# Rest api error invalid_username
* Resolved [mishaml](https://wordpress.org/support/users/mishaml/)
* (@mishaml)
* [1 year, 11 months ago](https://wordpress.org/support/topic/rest-api-error-invalid_username/)
* Hi. I’ve been testing login via google using rest api. And every time i see an
error [https://i.imgur.com/tyIvaR6.png](https://i.imgur.com/tyIvaR6.png). I’ve
tried to setup postman according to screen, what the problem could be. I’ve changed
theme to solve the problem, however still the same.
* ```wp-block-code
{ "code": "invalid_username", "message": "Chyba: Neznámé uživatelské jméno. Zkontrolujte to znovu nebo zkuste svou e-mailovou adresu.", "data": { "status": 401 }
```
Viewing 12 replies - 1 through 12 (of 12 total)
* Plugin Support [Laszlo](https://wordpress.org/support/users/laszloszalvak/)
* (@laszloszalvak)
* [1 year, 11 months ago](https://wordpress.org/support/topic/rest-api-error-invalid_username/#post-17863548)
* Hi [@mishaml](https://wordpress.org/support/users/mishaml/)
* To avoid misunderstandings the first thing that I need to mention is that, our
REST API can not handle the login or the registration process itself. As we mention
in the documentation of our REST API:
- [https://nextendweb.com/nextend-social-login-docs/nextend-social-login-rest-api/](https://nextendweb.com/nextend-social-login-docs/nextend-social-login-rest-api/)
* it can help you only in figuring out if the social media account ( associated
with the access token that you posted ) is linked to an existing WordPress account
of your site or not. If it is already linked, then our REST API will return the
ID of the WordPress account.
* We checked this functionality on your site, by posting a Google access token
to the REST API endpoint of our Google provider and it returned the User ID just
fine. Can you reproduce the problem right now? ( Make sure you test it a valid
access token! )
* If you can, then normally this “invalid_username” error code should not be triggered
on our REST API at all, as we have nothing to do with usernames at this point.
So I find it possible that you have a third party plugin, or code that interfere
with REST API calls. To figure this out you should:
- disable all cache ( including server cache )
- disable all WordPress plugins except Nextend Social Login
- change your theme to a WordPress default one like Twenty Twenty-Four
- try posting the access token to the Google endpoint of the provider, using
Postman, like you saw in the documentation:
[https://nextendweb.com/nextend-social-login-docs/nextend-social-login-rest-api/](https://nextendweb.com/nextend-social-login-docs/nextend-social-login-rest-api/)
- if the problem no longer occurs, that confirms that you have a third party
that interferes with REST API calls. By enabling the plugins one by one (
or in small groups ) and sending the POST request again each time, you could
find the plugin that causes the problem. ( Just please note that, access tokens
expire after some time! If it expires during the conflict test make sure you
request a new one and continue the testing with the new one! )
* Best regards,
Laszlo.
* Thread Starter [mishaml](https://wordpress.org/support/users/mishaml/)
* (@mishaml)
* [1 year, 11 months ago](https://wordpress.org/support/topic/rest-api-error-invalid_username/#post-17863597)
* Are there any errors in my postman code comparing to your version?
* Plugin Support [Laszlo](https://wordpress.org/support/users/laszloszalvak/)
* (@laszloszalvak)
* [1 year, 11 months ago](https://wordpress.org/support/topic/rest-api-error-invalid_username/#post-17863635)
* [@mishaml](https://wordpress.org/support/users/mishaml/)
* Based on what I see in your screenshot, it seems you configured the fields in
Postman properly.
* But I don’t really see the complete access token, so feel free to get in touch
with us over the ticket system:
- [https://nextendweb.com/contact-us/nextend-social-login-support/](https://nextendweb.com/contact-us/nextend-social-login-support/)
* and send us the content of the access_token value field, then we will inspect
it if its format is correct or not, also we will give it a try as well.
* **Important note:**
Make sure you don’t share your access token on this public
forum, as the access token can be used for making certain REST API requests on
behalf of the account that the access token is associated with!
* Thread Starter [mishaml](https://wordpress.org/support/users/mishaml/)
* (@mishaml)
* [1 year, 11 months ago](https://wordpress.org/support/topic/rest-api-error-invalid_username/#post-17871287)
* Do you have a code to generate access token, because it seems that in order to
test it I should set up full integration with google
* Plugin Support [Laszlo](https://wordpress.org/support/users/laszloszalvak/)
* (@laszloszalvak)
* [1 year, 11 months ago](https://wordpress.org/support/topic/rest-api-error-invalid_username/#post-17872314)
* Hi [@mishaml](https://wordpress.org/support/users/mishaml/)
* One access token that you can always trust is the one that Nextend Social Login
requests from the provider. So before you implement the integration, you can
do the testing with an access token that we requested earlier. However please
note that, access tokens tend to expire after some time, so you might need to
request a new one later as you do the debugging.
* Here you can find a step by step guide of how you could inspect one of the access
token values:
1. Open this file e.g. via FTP or a Filemanager: wp-content\plugins\nextend-facebook-
connect\includes\oauth2.php
2. find this code: `$this->access_token_data = $accessTokenData;` ( it is located
inside the `authenticate()` method around line 150 )
3. add this code after it: `echo wp_json_encode($this->access_token_data);exit;`
4. try to connect with the Google provider again. ( The login will die with a blank
page with your access token printed out )
5. copy this access token and test it with the REST API test form, that our documentation
mentions:
[https://nextendweb.com/nextend-social-login-docs/nextend-social-login-rest-api/#error_msg](https://nextendweb.com/nextend-social-login-docs/nextend-social-login-rest-api/#error_msg)
6. if this works fine, then compare the structure of the working access token with
the wrong access token, that you tried to use earlier
7. Finally, don’t forget to remove the custom code that writes out the access token,
once you finished the debugging! Since if your site is live, then it will make
the login fail for the existing users, too.
* Best regards,
Laszlo.
* Thread Starter [mishaml](https://wordpress.org/support/users/mishaml/)
* (@mishaml)
* [1 year, 11 months ago](https://wordpress.org/support/topic/rest-api-error-invalid_username/#post-17874783)
* Thank you, this way I can get correct access token. I found that this error occurs
when I use Woocommerce plugin. Without it api returns user id. I’ve installed
pro addon, so integration with Woocommerce should work.
* Plugin Support [Laszlo](https://wordpress.org/support/users/laszloszalvak/)
* (@laszloszalvak)
* [1 year, 11 months ago](https://wordpress.org/support/topic/rest-api-error-invalid_username/#post-17875693)
* [@mishaml](https://wordpress.org/support/users/mishaml/)
* We haven’t received any feedback about such conflicts with WooCommerce. But just
in case, I installed and activated the latest WooCommerce on my local test site,
and our REST API returned the user ID just fine, even if WooCommerce was enabled.
* So if your problem occurs only if WooCommerce is enabled, then I find it possible
that your problem is not directly connected to WooCommerce, but maybe you have
a third party plugin with a wrong REST API implementation, and maybe that plugin
depends on WooCommerce, so when you have WooCommerce disabled, they won’t run
their codes either. You can confirm this by:
- changing your theme to a WordPress default one ( e.g. Twenty Twenty-Four)
- then disable all plugins expect Nextend Social Login
- then post a valid access token to our REST API endpoint and see if the problem
still occurs
- if it doesn’t then enable WooCommerce and post it again and check if the problem
will occur or not
- if it won’t, then you can start enabling the rest of your plugins one by one,
post the access token and repeat this until you find the plugin that causes
a REST API error. The plugin that causes the problem, most likely have its
codes implemented wrongly, so they run their codes in other plugin’s REST
API endpoints, too.
* Best regards,
Laszlo.
* Thread Starter [mishaml](https://wordpress.org/support/users/mishaml/)
* (@mishaml)
* [1 year, 10 months ago](https://wordpress.org/support/topic/rest-api-error-invalid_username/#post-17893593)
* I found that this error is triggered in wp-includes/user.php. To bypass it I
should set filter application_password_is_api_request to false. I’m not sure
about why this error occur in my case, however it would be great to implement
this fix in plugin in case someone also catches it.
* Plugin Support [Laszlo](https://wordpress.org/support/users/laszloszalvak/)
* (@laszloszalvak)
* [1 year, 10 months ago](https://wordpress.org/support/topic/rest-api-error-invalid_username/#post-17894867)
* Hi [@mishaml](https://wordpress.org/support/users/mishaml/)
* I am glad you managed to find a solution, however I think this approach just
hides the real problem, since if you send a request to the REST API endpoint
of one of our providers, then that is still an API request and by setting the“
application_password_is_api_request” filter to “false”, you basically tell WordPress
that it is not an API request, so it will ignore some of the security measures,
that it does right now.
* What is strange to me is that, by default WordPress fires the “application_password_is_api_request”
filter only in the wp_authenticate_application_password() function:
- [https://developer.wordpress.org/reference/functions/wp_authenticate_application_password/](https://developer.wordpress.org/reference/functions/wp_authenticate_application_password/)
* and by default this function is used at 2 places only:
- it is hooked to the “authenticate” filter ( However we don’t use this filter
at the time when you post the access token to our REST API endpoint, since
as I stated earlier at this point we don’t log the user in, we just check
if there is a user with the access token or not. We fire the “authenticate”
filter only when we actually log the user in via social login )
- and it is also used within the wp_validate_application_password() function–
which is hooked to the determine_current_user filter –
* Based on this, I think your issue comes from that, something – maybe a security
plugin – protects your REST API, makes it available only for the authorized requests:
- [https://make.wordpress.org/core/2020/11/05/application-passwords-integration-guide/](https://make.wordpress.org/core/2020/11/05/application-passwords-integration-guide/)
* The way you could find the place where the filter gets triggered from is writing
out its callstack, something like this:
* ```wp-block-code
add_filter('application_password_is_api_request', function($is_api_request){ echo ""; debug_print_backtrace(); exit; });
```
* Then you should post the access token to the REST API endpoint of our provider,
then the page should die and write out the callstack of the application_password_is_api_request
filter. If you inspect that, it might tell you which plugin fires it and where.
* **Important note:**
* You should probably do this modification over FTP or over the file manager of
your server host, since the code above will make all pages die – with a blank
page and the call stack printed – where the filter is applied, so if it is used
other unexpected places too, then it could lock you out of your site. But with
FTP you can remove the code once you are done with the debugging.
* Best regards,
Laszlo.
* Thread Starter [mishaml](https://wordpress.org/support/users/mishaml/)
* (@mishaml)
* [1 year, 10 months ago](https://wordpress.org/support/topic/rest-api-error-invalid_username/#post-17895240)
* ```wp-block-code
#0 /home/cp538923/sushijo.cz/dev/wp-includes/class-wp-hook.php(324): fix_nextend_error(true)#1 /home/cp538923/sushijo.cz/dev/wp-includes/plugin.php(205): WP_Hook->apply_filters(true, Array)#2 /home/cp538923/sushijo.cz/dev/wp-includes/user.php(366): apply_filters('application_pas...', true)#3 /home/cp538923/sushijo.cz/dev/wp-includes/user.php(504): wp_authenticate_application_password(NULL, 'ck_c060bcf330ff...', 'cs_c3a66547734c...')#4 /home/cp538923/sushijo.cz/dev/wp-includes/class-wp-hook.php(324): wp_validate_application_password(false)#5 /home/cp538923/sushijo.cz/dev/wp-includes/plugin.php(205): WP_Hook->apply_filters(false, Array)#6 /home/cp538923/sushijo.cz/dev/wp-includes/user.php(3668): apply_filters('determine_curre...', false)#7 /home/cp538923/sushijo.cz/dev/wp-includes/pluggable.php(70): _wp_get_current_user()#8 /home/cp538923/sushijo.cz/dev/wp-includes/user.php(658): wp_get_current_user()#9 /home/cp538923/sushijo.cz/dev/wp-content/plugins/woocommerce/includes/class-wc-rest-authentication.php(125): get_current_user_id()#10 /home/cp538923/sushijo.cz/dev/wp-includes/class-wp-hook.php(324): WC_REST_Authentication->authentication_fallback(NULL)#11 /home/cp538923/sushijo.cz/dev/wp-includes/plugin.php(205): WP_Hook->apply_filters(NULL, Array)#12 /home/cp538923/sushijo.cz/dev/wp-includes/rest-api/class-wp-rest-server.php(197): apply_filters('rest_authentica...', NULL)#13 /home/cp538923/sushijo.cz/dev/wp-includes/rest-api/class-wp-rest-server.php(436): WP_REST_Server->check_authentication()#14 /home/cp538923/sushijo.cz/dev/wp-includes/rest-api.php(420): WP_REST_Server->serve_request('/nextend-social...')#15 /home/cp538923/sushijo.cz/dev/wp-includes/class-wp-hook.php(324): rest_api_loaded(Object(WP))#16 /home/cp538923/sushijo.cz/dev/wp-includes/class-wp-hook.php(348): WP_Hook->apply_filters(NULL, Array)#17 /home/cp538923/sushijo.cz/dev/wp-includes/plugin.php(565): WP_Hook->do_action(Array)#18 /home/cp538923/sushijo.cz/dev/wp-includes/class-wp.php(418): do_action_ref_array('parse_request', Array)#19 /home/cp538923/sushijo.cz/dev/wp-includes/class-wp.php(813): WP->parse_request('')#20 /home/cp538923/sushijo.cz/dev/wp-includes/functions.php(1336): WP->main('')#21 /home/cp538923/sushijo.cz/dev/wp-blog-header.php(16): wp()#22 /home/cp538923/sushijo.cz/dev/index.php(17): require('/home/cp538923/...')
```
* I’ve tried to print the backtrace, and all I see is that woocommerce is making
it’s authentification for rest route, not any signs of another plugins
* Thread Starter [mishaml](https://wordpress.org/support/users/mishaml/)
* (@mishaml)
* [1 year, 10 months ago](https://wordpress.org/support/topic/rest-api-error-invalid_username/#post-17895322)
* Finally, I also try your example code [https://gist.github.com/nextendweb-laszlo/8753826f1fdc1fae84342d3b957b18d3#file-nsl-register-link-skeleton-php](https://gist.github.com/nextendweb-laszlo/8753826f1fdc1fae84342d3b957b18d3#file-nsl-register-link-skeleton-php)
to implement rest api login on my site. And when I turn off Woocommercee this
code seems to work, otherwise it’s not working as expected and returns an error.
So I think that Woocommerce somehow interferes with Nextend Social Login
* Plugin Support [Laszlo](https://wordpress.org/support/users/laszloszalvak/)
* (@laszloszalvak)
* [1 year, 10 months ago](https://wordpress.org/support/topic/rest-api-error-invalid_username/#post-17895484)
* [@mishaml](https://wordpress.org/support/users/mishaml/)
* I haven’t managed to reproduce this problem on my test site, but I checked the
codes of WooCommerce, and it seems their WC_REST_Authentication class hooks a
function:
* ```wp-block-code
add_filter( 'rest_authentication_errors', array( $this, 'authentication_fallback' ) );public function authentication_fallback( $error ) { if ( ! empty( $error ) ) { // Another plugin has already declared a failure. return $error; } if ( empty( $this->error ) && empty( $this->auth_method ) && empty( $this->user ) && 0 === get_current_user_id() ) { // Authentication hasn't occurred during determine_current_user, so check auth. $user_id = $this->authenticate( false ); if ( $user_id ) { wp_set_current_user( $user_id ); return true; } } return $error;}
```
* that they run without any conditions that would make it specific to their own
endpoints. This way they will run their codes on other plugin’s REST API endpoints.
The reason your get to their authentication specific error is because they run
the get_current_user_id() function here as well, so the determine_current_user
filter will be fired at a later point.
* Could you check please if you also experience the earlier mentioned error message
from WooCommerce, if you post the access_token of a social media account which
is already linked to an existing WordPress account on your site?
* If the problem won’t occur in that case, then I find it possible that this could
have a connection to that, our get_user REST API returns NULL value when we didn’t
manage to find any users with the access token. If that is the case, then what
you could try is modifying the get_user() method in this file:
- /wp-content/plugins/nextend-facebook-connect/NSL/REST.php
* so it will look like this:
* ```wp-block-code
public function get_user($request) { $provider = NextendSocialLogin::$enabledProviders[$request['provider']]; try { $user = $provider->findUserByAccessToken($request['access_token']); } catch (Exception $e) { return new WP_Error('error', $e->getMessage()); } if ($user === null) { return new WP_Error( 'user_does_not_exist', __( 'That user does not exist.' ) ); } return $user; }
```
* basically this is the extra code that you need to add to it before the return
statement:
* ```wp-block-code
if ($user === null) { return new WP_Error( 'user_does_not_exist', __( 'That user does not exist.' ) ); }
```
* This way, we would throw an error with the “user_does_not_exist” error code,
if no user exists with the access token.
* Please let me know if this worked, so we will add this modifications to our own
codes, too. So you won’t lose the changes once you update the plugin.
Viewing 12 replies - 1 through 12 (of 12 total)
The topic ‘Rest api error invalid_username’ is closed to new replies.
* 
* [Nextend Social Login and Register](https://wordpress.org/plugins/nextend-facebook-connect/)
* [Frequently Asked Questions](https://wordpress.org/plugins/nextend-facebook-connect/#faq)
* [Support Threads](https://wordpress.org/support/plugin/nextend-facebook-connect/)
* [Active Topics](https://wordpress.org/support/plugin/nextend-facebook-connect/active/)
* [Unresolved Topics](https://wordpress.org/support/plugin/nextend-facebook-connect/unresolved/)
* [Reviews](https://wordpress.org/support/plugin/nextend-facebook-connect/reviews/)
* 12 replies
* 2 participants
* Last reply from: [Laszlo](https://wordpress.org/support/users/laszloszalvak/)
* Last activity: [1 year, 10 months ago](https://wordpress.org/support/topic/rest-api-error-invalid_username/#post-17895484)
* Status: resolved