rest_authentication_errors

I’ve toggled this two lines in routes.php

					);
					die();
				}
+				return $endpoint;
			}
 
-			return $endpoint;
		}, 99 );
	}
 

This will force JWT Auth for any REST request – This dont answer my question, but it could be helpful for anyone else who wants to force a token for any rest endpoint 🙂

It could be helpful to add a switch for something like that – IMHO a lot of users only use the rest API for them self and dont want to provide them to public 🙂

BTW: Is there any Github repo to add pull requests ?

• This reply was modified 5 years, 10 months ago by lordofdoom.

Hi @nicu_m ,

thank you for your answer 🙂 That’s exactly what I want, I’ve already modify the code locally to do this, that was also the reason why I’ve asked for a git pull request. So I could provide a working code for this (it also hides the key in the UI already and check if the bearer is defined globally (wp-config.php), if not it use the normal UI and saves to DB)

For the errors – A handling would be pretty great because in that case we could specify what permissions are needed on custom endpoints.

For the code I’ve provided above, it seems that it breaks Gutenberg (did not see this, I use classic editor)

Here is a fixed patch (for routes.php -> around line 51):

+			//Gutenberg compatibility
+			foreach ( $_COOKIE as $name => $value ) {
+				if ( 0 === strpos( $name, 'wordpress_logged_in_' ) ) {
+					return $endpoint;
+				}
+			}			

			$jwt = $jwtService->getJwtFromRequestHeaderOrCookie();
			if ( ! empty( $jwt ) ) {
				try {
					add_action( 'rest_api_init', function () {
					);
					die();
				}
+				return $endpoint;
			}
 
-			return $endpoint;
		}, 99 );
	}

Best regards and thank you for your work 🙂

• This reply was modified 5 years, 10 months ago by lordofdoom.