LearnPress – Course Review: version 4.1.5
LearnPress – Course Wishlist Version 4.0.8

Some months ago I set up a JWT token authentication for posting new posts in my wordpress. It was working successfully until I moved my site to a WordPress multisite.

The token is being created correctly but when I fetch REST API to POST to a post type, I get this error:

   POST https://xxxxxx.xxx/wp-json/wp/v2/dashboard 401 (Unauthorized)

Searching about it in your docs and found this 401 error that seems similar to mine but headers are being sent and I see nothing in my server logs.

I also tried to add this piece of code to my htaccess apache server but nothing seems to happen:
Img link

Do you have any other idea about how to proceed on this? No idea why this is happening in my multisite wordpress :/

Thanks!

Steps to recreate:

1. In wp-admin, click Appearance > Widgets
2. Make small change like adding an image or updating test.
3. Error appears at bottom of screen, changes can’t be made
   

Disabling this plugin allows the changes to be made. I am using the JWT Authentication method, wit the normal Protected wordpress default REST APIs.

if (defined(‘REST_REQUEST’) && REST_REQUEST) {
return $user;
}

It would be helpful to have a similar setting for the REST API as the one available for XML-RPC.

Error msg:

Failed to delete post with id 873 on https://xxxxx.com. Status code: 401, Response: {"code":"rest_cannot_delete","message":"Sorry, you are not allowed to delete this post.","data":{"status":401}}

Reverting to v4.0 the error disappears.

The puzzling thing is that I can make posts ok with another custom script and it uses the same authentication details I use in my remove_post script.

Authentication code:

# Setup the authentication credentials
username = "xxxxx"
password = "xxxxxxxxxx"
token = base64.b64encode(f'{username}:{password}'.encode("utf-8")).decode("utf-8")
headers = {
    "Authorization": "Basic " + token,
    "Referer": "https://yahoo.com",
    "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3",
}

I set up JWT authentication years ago for an external application of mine to update a specific blog post each day with new text content. It’s worked flawlessly all this time (so thank you for that)

…. until yesterday something broke for the first time in years.

I’ve inserted debug lines at every stage of the update process in my application:

1. I send credentials and successfully get a valid jwt_token back
2. Confirmed token received
3. Send authentication request and get authorization token response
4. Something went wrong! 401 – Unauthorized {“code”:”rest_cannot_edit”,”message”:”sorry, you are not allowed to edit this post.”,”data”:{“status:”:401}}

I’m using the standard: /wp-json/wp/v2/posts/{id} endpoint and the post permissions haven’t changed and the WP user has sufficient persmissions.

I saw that the plugin released a new version recently so I rolled back all plugins to a few days ago prior to your latest release but I’m still running into the error.

I’m going to continue to look for any other conflicting plugins or sources but I wanted to drop a line here to see if you have any recommendations or tests that I should run to narrow things down? All of the debugging I’ve done is on my application side parsing responses, are there any other logs on plugin side?

Thanks!

Evan

It wasn’t there before, but now it looks like the screenshot. I didn’t issue an open API, I only use JWT tokens. Is this a hack?

If there is a way to block openAPI, please let me know.

The setup guide does not cover how to append the argument to autologin using JWT as URL parameter. Upon doing some Google search, I found out that there are some parameters which needed to be added in php. But they didn’t mention which php

Can someone help me with this?