No user found when using REST API

This is happening because you are not using nonces. Because you have not provided a nonce with the request, WordPress is treating you as if you are an unauthorized/non-logged in user. This is because wordpress has no way of knowing/validating the users state.

To get this working, you will have to generate a nonce like so:

wp_create_nonce( 'wp_rest' )

and provide it to the app that is making the rest call. Once your app has the nonce value, you would add it to the rest request like so:

headers: {
    'X-WP-Nonce': nonce,
}

Once you’ve done this, WordPress will be able to use the nonce to properly validate the user and conditional checks for permissions will work as expected.

Edit

Per your comment, I thought I would elaborate as this information may be useful for anyone coming across this in the future.

A nonce is defined as a number used once. How wordpress uses them, and why it’s required is the following:

“A nonce is a “number used once” to help protect URLs and forms from certain types of misuse, malicious or otherwise. WordPress nonces aren’t numbers, but are a hash made up of numbers and letters. Nor are they used only once, but have a limited “lifetime” after which they expire. During that time period the same nonce will be generated for a given user in a given context. The nonce for that action will remain the same for that user until that nonce life cycle has completed.

WordPress’s security tokens are called “nonces” despite the above noted differences from true nonces, because they serve much the same purpose as nonces do. They help protect against several types of attacks including CSRF, but do not protect against replay attacks because they aren’t checked for one-time use. Nonces should never be relied on for authentication or authorization, access control. Protect your functions using current_user_can(), always assume Nonces can be compromised.

For an example of why a nonce is used, an admin screen might generate a URL like this that trashes post number 123.”

The TLDR is that nonces are used in conjunction with user authentication cookies provided in the rest request, just like with any server side request. Nonces just provide an additional layer that can be relied on to ensure the user is who they say they are. It’s not a replacement for authentication per se.

For a comprehensive description, see https://codex.wordpress.org/WordPress_Nonces#:~:text=WordPress%20nonces%20aren’t%20numbers,user%20in%20a%20given%20context.

Related Posts:

  1. Rest api return all users (even without content) to all users
  2. Retrieve all users from wordpress database via REST/JSON API
  3. How can I get users email (and additional data) from the rest API?
  4. Basic auth WordPress REST API dilemma
  5. WordPress keeps asking for connection information in localhost
  6. Admins can’t edit each other’s posts
  7. Is there a simple way to manage capabilities per user?
  8. get_userdata by username
  9. Can I create users that have access to *some* other users posts instead of all other users posts?
  10. Set default page for user account in admin
  11. How do I customize the dashboard?
  12. Managing Users and Creating Groups [closed]
  13. Are User Levels Still Currently Used?
  14. Rest API code to get ID of current user not working: get_current_user_id() gives 0
  15. WordPress API for search
  16. Fix permissions for users role
  17. Is there a way to identify a user in a custom REST API method? [duplicate]
  18. How to force authors to ‘submit for review’?
  19. How can I authenticate user credentials against a WordPress instance?
  20. How do I let contributors edit their posts after being approved once?
  21. WordPress REST Api: update user
  22. REST API: wp_get_current_user not working on second call
  23. Does it matter if the very first user, usually Admin, does not have a user ID of 1?
  24. Groups and subgroups for permission
  25. User can’t search himself on rest api
  26. How to verify which WordPress user requested the API in ASP .NET Core?
  27. Need to use WordPress page as authentication for different service
  28. Is there a way to call via javascript if a user is logged-in on a static html file?
  29. change user password REST API
  30. Show posts who published after registration date
  31. how to retrieve user via rest api using custom meta and/or email
  32. Getting user data via ajax
  33. Get UserInfo from WordPress
  34. How can I display Only the first Array/Object?
  35. How to customize user rest api?
  36. The same session information for peer users on two different WordPress servers
  37. REST API list_user
  38. How to update a user with REST API v2 knowing only the username?
  39. User Permissions on custom post type
  40. REST_query_vars for users
  41. WordPress install checking permissions of user id 0
  42. What’s the most secure way to grant a user permission to update in a multisite?
  43. Why does a super admin on multi site get a rest_user_invalid_id error code when requesting user details through REST?
  44. current_user_can() returning true for capability when the user and role do not have the capability
  45. Recognize logged WP user in existing REST API
  46. Can’t retrieve user email address with REST API
  47. How to get userid at wp_logout action hook?
  48. What’s the difference between the capability remove_users and delete_users?
  49. How to hide media uploads by other users in the Media menu?
  50. Get users with atleast one post
  51. edit profile validation refreshes all field if missing wordpress
  52. Wp_User_Query not sorting by meta key
  53. Get total number of authors on the site
  54. How to migrate wordpress users from one blog to another
  55. How can I link users across multiple subdomains?
  56. Create user with author role but no login information
  57. Importing Existing Users with Passwords
  58. Create not-activated user in code, wordpress
  59. Is there any function available to echo current user’s profile url?
  60. Why wordpress showe “admin is editing…” whoever edits?
  61. Restricted registrations or removing the ability to edit your password/email
  62. Limit amout of sessions on user-by-user basis?
  63. Redirect user to login before viewing custom post
  64. Create a front user register/login/profile & logout without interfering with wp-login.php?
  65. How to export bbPress (forums, topics, replies) and all users?
  66. Translate emails into the language of the user
  67. Can I check which users ran which updates?
  68. Extend backend User search to custom user meta
  69. Bulk lock users without email address?
  70. Featured image not working, because of custom user role?
  71. How to implement friend system for WordPress?
  72. Delete user after Contact Form 7 submission [closed]
  73. is_user_logged_in() throwing undefined function error
  74. How to prevent a specific users’s profile photo (gravatar) from showing on the frontend to other users?
  75. SQL Bulk update all WordPress user’s nicknames to firstname + lastname format
  76. Redirect logged on user to a specific page based on wp user role, page id
  77. Show WordPress users in grid with image and name
  78. Automatic Website user password generation
  79. Redirect users after login
  80. How to hide some users to unlogged users [closed]
  81. List all users and current week entries
  82. Need to manually add multiple WP users with same e-mail address (with good reason)
  83. WordPress Redirect Specific User. Tired of Peter’s redirect Plugin its not working
  84. Can I edit the database to change a login?
  85. User Meta stuff
  86. How do I update user email from frontend input field?
  87. How to allow access based on the user meta flag
  88. Authentication between two different sites using the WordPress login cookie
  89. Cannot update newly added User field using wp_update_user
  90. How to create page for user?
  91. How to prevent multiple user accounts with the same meta field?
  92. How do I set a maximum upload size for a specific user role (Editor)
  93. members only products
  94. Modify the user data stdObject and add extra items to it?
  95. Create relationships between users or user roles
  96. Specific Content on pages based on user
  97. I try to add informations to User profile
  98. Privacy in WordPress
  99. How to display Most Recently Read 10 Posts by a logged in user in wordpress
  100. Export user data from Squirrly’s Starbox plugin?