WordPress REST API call generates nonce twice on every call
When working with the API recently I found if the authentication header with the consumer key as the username and the consumer secret as the password is present and valid this sets the current user global as the matched user. I found the core executes the REST route until current_user_can is called, at which point …
I’m not familiar with the Dropbox API or their libraries, but most likely you’ll need to write your own session handler to store the session data in your WP DB (or wherever you want, safely) and associate it with your user account. Essentially adjusting this line: $storage = new \Dropbox\OAuth\Storage\Session($encrypter);. EDIT: If it’s the WordPress …
A recent comment brought my attention to this question, which I had posted. I had also posted another question regarding this topic, and had later solved it and posted an answer, here: JWT authentication with WP – Approach. Copying that answer here, so that it helps someone who stumbles across this implementation: The endpoint coded …
I assume that your custom dashboard is on a different domain/subdomain than the WordPress installation. Cookies can only be set for the current domain. Typically cookies will not work cross domain. So your dashboard cannot create a cookie for the WordPress website. Theoretically it’s possible to bypass with some server configurations, but this technique has …
IFTTT.com connects to your WordPress site via XML-RPC, as the dudes at wpbeginner.com already found out: Go to IFTTT and create your account. IFTTT works with all WordPress.org self-hosted blogs (version 3.x and above) and WordPress.com blogs as well. You MUST have XML-RPC enabled to work with IFTTT.
You cannot set cookies from site A that will be applicable on site B, therefore your “login by proxy” scheme will not work, and cannot be made to work. In addition, storing passwords in plain text is just a big no-no.
I know it’s a bit far-fetched, but might help. For anyone looking for WP REST API implementation with JWT, here’s our solution. Add it to your function.php: add_action('rest_api_init', 'wp_rest_user_endpoints'); /** * Register a new user * * @param WP_REST_Request $request Full details about the request. * @return array $args. **/ function wp_rest_user_endpoints($request) { /** …
What you found is actually perfectly accurate. With WP’s commitment to backwards compatibility it’s not that common for things to stop working. This filter is used in wp_set_auth_cookie() to calculate the duration. Resulting value is used in PHP’s setcookie(). There is no mention of specific limits in documentation, so in practice the value is limited …
The function wp_logout (https://github.com/WordPress/WordPress/blob/master/wp-includes/pluggable.php#L564) calls the function wp_clear_auth_cookie (https://github.com/WordPress/WordPress/blob/master/wp-includes/pluggable.php#L928) which sets the expiration dates of all involved cookies to something in the past. Also for the LOGGED_IN_COOKIE. Hence, what you observe is strange. For sites that I maintain, the cookie will be cleared when I log out.