Title: rest_authentication_errors
Last modified: July 23, 2020

---

# rest_authentication_errors

 *  Resolved [lordofdoom](https://wordpress.org/support/users/lordofdoom/)
 * (@lordofdoom)
 * [5 years, 10 months ago](https://wordpress.org/support/topic/rest_authentication_errors/)
 * HI,
 * first of all, thank you for this plugin – It’s really great
 * I’ve played around with the new (beta) feature to allow rest authentication but
   it seems that it currently dont implement “rest_authentication_errors” in a correct
   way
 *     ```
       add_filter('rest_authentication_errors', function ($result) {
       	if (!empty($result)) {
       		return $result;
       	}
       	if (!is_user_logged_in()) {
       		return new WP_Error($_SERVER['REQUEST_URI'] . 'rest_not_logged_in', 'You are not currently logged in.', array('status' => 401));
       	}
       	return $result;
       });	
       ```
   
 * In theory this code should work, so if I add a correct JWT Token in a API request
   it should flag me as logged in, but it returns the WP_Error
 * I’ve used before this plugin: [https://github.com/jonathan-dejong/simple-jwt-authentication](https://github.com/jonathan-dejong/simple-jwt-authentication)
 * and there it is working correctly
 * Another question: Is it possible to save the decryption_key into the wp-config.
   php (e.g. define(‘SIMPLE_JWT_LOGIN_SECRET_KEY’,’xxxxxx’)) and not in the database?
 * Thank you 🙂
    -  This topic was modified 5 years, 10 months ago by [lordofdoom](https://wordpress.org/support/users/lordofdoom/).
    -  This topic was modified 5 years, 10 months ago by [lordofdoom](https://wordpress.org/support/users/lordofdoom/).
    -  This topic was modified 5 years, 10 months ago by [lordofdoom](https://wordpress.org/support/users/lordofdoom/).

Viewing 4 replies - 1 through 4 (of 4 total)

 *  Thread Starter [lordofdoom](https://wordpress.org/support/users/lordofdoom/)
 * (@lordofdoom)
 * [5 years, 10 months ago](https://wordpress.org/support/topic/rest_authentication_errors/#post-13158233)
 * I’ve toggled this two lines in routes.php
 *     ```
       					);
       					die();
       				}
       +				return $endpoint;
       			}
   
       -			return $endpoint;
       		}, 99 );
       	}
       ```
   
 * This will force JWT Auth for any REST request – This dont answer my question,
   but it could be helpful for anyone else who wants to force a token for any rest
   endpoint 🙂
 * It could be helpful to add a switch for something like that – IMHO a lot of users
   only use the rest API for them self and dont want to provide them to public 🙂
 * BTW: Is there any Github repo to add pull requests ?
    -  This reply was modified 5 years, 10 months ago by [lordofdoom](https://wordpress.org/support/users/lordofdoom/).
 *  Plugin Author [Nicu Micle](https://wordpress.org/support/users/nicu_m/)
 * (@nicu_m)
 * [5 years, 10 months ago](https://wordpress.org/support/topic/rest_authentication_errors/#post-13162403)
 * Hello [@lordofdoom](https://wordpress.org/support/users/lordofdoom/),
 * The main idea of this plugin was to allow users to use `JWT` without having to
   change any code and having a simple UI.
 * Currently, all the settings for the plugin are stored in the database.
    But, 
   I can add an option, in the plugin settings, and allow you to use the value defined
   in `wp-config.php`. I think that you don’t want this value to be displayed in
   the UI.
 * I will add this feature on my todo list and I will let you know once it is implemented.
 * Also, I want to thank you for the suggestion for handling errors. I will also
   add that to my todo-list and I will come back with updates.
 * Best regards,
    Nicu.
 *  Thread Starter [lordofdoom](https://wordpress.org/support/users/lordofdoom/)
 * (@lordofdoom)
 * [5 years, 10 months ago](https://wordpress.org/support/topic/rest_authentication_errors/#post-13163068)
 * Hi [@nicu_m](https://wordpress.org/support/users/nicu_m/) ,
 * thank you for your answer 🙂 That’s exactly what I want, I’ve already modify 
   the code locally to do this, that was also the reason why I’ve asked for a git
   pull request. So I could provide a working code for this (it also hides the key
   in the UI already and check if the bearer is defined globally (wp-config.php),
   if not it use the normal UI and saves to DB)
 * For the errors – A handling would be pretty great because in that case we could
   specify what permissions are needed on custom endpoints.
 * For the code I’ve provided above, it seems that it breaks Gutenberg (did not 
   see this, I use classic editor)
 * Here is a fixed patch (for routes.php -> around line 51):
 *     ```
       +			//Gutenberg compatibility
       +			foreach ( $_COOKIE as $name => $value ) {
       +				if ( 0 === strpos( $name, 'wordpress_logged_in_' ) ) {
       +					return $endpoint;
       +				}
       +			}			
   
       			$jwt = $jwtService->getJwtFromRequestHeaderOrCookie();
       			if ( ! empty( $jwt ) ) {
       				try {
       					add_action( 'rest_api_init', function () {
       					);
       					die();
       				}
       +				return $endpoint;
       			}
   
       -			return $endpoint;
       		}, 99 );
       	}
       ```
   
 * Best regards and thank you for your work 🙂
    -  This reply was modified 5 years, 10 months ago by [lordofdoom](https://wordpress.org/support/users/lordofdoom/).
 *  Plugin Author [Nicu Micle](https://wordpress.org/support/users/nicu_m/)
 * (@nicu_m)
 * [5 years, 9 months ago](https://wordpress.org/support/topic/rest_authentication_errors/#post-13313257)
 * Hello [@lordofdoom](https://wordpress.org/support/users/lordofdoom/),
 * I’ve just released version `2.3.0`.
 * Here you can set the `Decryption Key` in wp-config.php
 * You just need to go to Plugin settings -> General -> Decryption Key source and
   set it to “Code”.
 * Let me know what do you think.
 * Best regards,
    Nicu.

Viewing 4 replies - 1 through 4 (of 4 total)

The topic ‘rest_authentication_errors’ is closed to new replies.

 * ![](https://ps.w.org/simple-jwt-login/assets/icon-256x256.png?rev=2106097)
 * [Simple JWT Login – Allows you to use JWT on REST endpoints.](https://wordpress.org/plugins/simple-jwt-login/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/simple-jwt-login/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/simple-jwt-login/)
 * [Active Topics](https://wordpress.org/support/plugin/simple-jwt-login/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/simple-jwt-login/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/simple-jwt-login/reviews/)

 * 4 replies
 * 2 participants
 * Last reply from: [Nicu Micle](https://wordpress.org/support/users/nicu_m/)
 * Last activity: [5 years, 9 months ago](https://wordpress.org/support/topic/rest_authentication_errors/#post-13313257)
 * Status: resolved