Home Can not set OAuth on wordpress REST api
Reply: 0

Can not set OAuth on wordpress REST api

user1830 Published in May 20, 2018, 3:24 pm

I want to implement Rest api with authorization in my Wordpress website. the version of Wordpress is 4.9.5 and REST api version 2.0-beta15. For securing my apis i need to implement OAuth on my site and at first, I implement WordPress REST API – OAuth 1.0a Server from this link and this useful link. But had these issues with plugin:

  • Rest-calls still works without authorization and every un-authorized user can call my rest-apis.
  • I want to implement this inside my Android app so I had to handle all steps in the background, but with this plugin, I should show many webView to user and user should fill them and the final token is also shown to the user in webview and this does not sound good for me.

So I looking for another plugin and find JWT Authentication for WP-API. This plugin is easier and handy. I followed the instructions and can get token and add to request header to make a request and if it is the valid response is 200 and if not need to validate. Every thing seems to work fine!

But the same problem:

  • every single REST API is even working without authorization header and if I do not put header the result is 200 And all request works as before without any Authorization

This is despite documents that say:

Once you get the token, you must store it somewhere in your application, ex. in a cookie or using localstorage.

From this point, you should pass this token to every API call

So now I see that I cloud not restrict API call to have Authorization header in both plugins, how I can achieve that and what is the best solution?

You need to login account before you can post.

About| Privacy statement| Terms of Service| Advertising| Contact us| Help| Sitemap|
Processed in 0.309632 second(s) , Gzip On .

© 2016 Powered by mzan.com design MATCHINFO