WooCommerce OAuth 1.0 + JWT authentication with JS/React

Puuh, after a full day of research in total, I realized the problem..

First of all, the code above is not supposed to work actually. The oauth parameters have to go into the query string apparently. That’s how all WooCommerce client APIs do it:

post(endpoint, data_params, params = null) {
  const method = 'POST'

  const oauth_params = this._getOAuth().authorize({
    url: 'https://boundlessmaps.gis-ops.com' + '/wp-json/wc/v3' + endpoint + WooCommerceAPI._normalizeQueryString(params),
    method: method
  })

  return this._request.post(endpoint, data_params, {
    params: oauth_params
  })
}

So that should work in theory, but still doesn’t. The OPTIONS preflight fails. Now that’s apparently indeed a server-side problem. Basically WooCommerce has a limitation which I didn’t fully understand tbh. The way around is to avoid a preflight, which apparently is possible if you avoid Content-Type: application/json header and a body. Using axios, you just put all parameters in the query string and leave the body and headers empty. This wouldn’t work on all servers, but it does with WooCommerce luckily.

References:

The working solution is:

post(endpoint, data_params) {
  const method = 'POST'

  const oauth_params = this._getOAuth().authorize({
    url: 'https://boundlessmaps.gis-ops.com' + '/wp-json/wc/v3' + endpoint + WooCommerceAPI._normalizeQueryString(data_params),
    method: method
  })

  return this._request.post(endpoint, null, {
    params: oauth_params
  })
}

Happy hacking;)

Related Posts:

  1. What are the main differences between JWT and OAuth authentication?
  2. Authenticated request to WP REST API V2 returning 403 error on /users/me [closed]
  3. How to make an other web app can login with wordpress authentication?
  4. What is an Endpoint?
  5. Change GitHub Account username
  6. Google OAuth 2 authorization – Error: redirect_uri_mismatch
  7. How to use OAuth authentication with REST API via CURL commands?
  8. How to validate a user from ouside wordpress/php?
  9. Override user authentication with external credentials
  10. JWT authentication with WP – Approach
  11. why does WordPress need two cookies for auth/login
  12. Extend WordPress (4.x) session and nonce
  13. How to use WordPress authentication on non-WordPress page?
  14. How do I use the WP REST API plugin and the OAuth Server plugin to allow for registration and login?
  15. How does ifttt.com authenticate a supplied WordPress account
  16. Storing Dropbox Authentication?
  17. How to build a plugin that supports authenticated POST requests to the REST API from external servers?
  18. WordPress as a OAuth Provider
  19. Authentication for wordpress website
  20. How to leverage authentication outside of WordPress?
  21. How do I authenticate WP users from a chrome extension?
  22. How do I execute a wp_remote_get call using NTLM authentication?
  23. Outgoing proxy connection problem
  24. WordPress SSO with MemberPress
  25. Use WordPress with a custom OAuth2 provider
  26. Set authentication cookies to be shorter but then extend with every page load
  27. WordPress user Authentication
  28. WordPress asking for FTP details when installing plugins
  29. WP REST API GET Requests require authentication
  30. How to password protect media library files (PDF)?
  31. How to use Azure AD for authentication?
  32. implement authentication and authorization to user
  33. for a role-protected page, programmatically login user and load page
  34. guest authentication
  35. OAuth 2 and saving the authenticated user
  36. wordpress 3.9 remote token auth
  37. How to set up Shibboleth authentication for a MU site
  38. Login after “Read More” then return to article
  39. How to make WordPress use authentication from Parent Site
  40. auto logout user when user logout on one of the opened tab
  41. How can I have authenticated WordPress users automatically sign into Moodle?
  42. Requiring Authentication for Parts of WordPress Site
  43. Authenticating users with usermeta fields
  44. Getting Authentication required popup
  45. How can LDAP/Active Directory be integrated in WordPress?
  46. Authenticate Subdomain
  47. How to create new users with JWT Auth Plugin?
  48. Mirgrating a user at signon
  49. Automate WordPress Login
  50. Application to Website authentication
  51. How to authenticate using JWT by ajax?
  52. Open authenticed WordPress page from mobile app
  53. Access to customer profile with pin code
  54. WP link for reset password is not received
  55. How to add additional factor to wordpress authentication
  56. Adding a “Sign In/My Account” link to an external app
  57. Check if user is logged in, inside php file in template directory
  58. Connect my WordPress site users to my public site account without showing my public site credentials
  59. WordPress Multisite and site speed and scaleability
  60. Blocking the direct access to images in the upload folder WordPress
  61. Can you pass user/pass for HTTP Basic Authentication in URL parameters?
  62. What is the difference between authentication and authorization?
  63. wp_signon by user’s login by their particular role
  64. WordPress User Registration/ Sign Up -> Able to take Paid Certification Courses & keep track of Completed Certificates
  65. What ports need to be open for TortoiseSVN to authenticate (clear text) and commit?
  66. How to bypass (deprecated) reCAPTCHA V1?
  67. What is $interim_login?
  68. Set up WP Authentication from External API
  69. Login members using web services
  70. how to authenticate for the REST API from a plugin and from command line
  71. Keep Users Logged In As Long As I Like
  72. Authentication / login mechanism (non wp-admin)
  73. FTP Username and password wrong while installing theme
  74. Security error WP 4.0 + WP phpBB Bridge [closed]
  75. $_SESSION variables lost during OAuth callback
  76. How to login to WordPress site using basic authentication HTTP headers?
  77. Rest API authentication issue when called from fetch request in bundle.js
  78. Validate Custom Login field
  79. Best Way to Enable Two Step Authentication
  80. Is it possible a one click user registration with Facebook or Twitter (or other Social Networks)?
  81. How to extend expiry time of jwt wordpress token?
  82. After logout browser’s back button into twenty sixteen theme profile
  83. WordPress Login Customization for External Authentication
  84. Auto log in hook is requiring a page refresh
  85. Getting 401 from ajax using an application password
  86. How to connect android app with WordPress website?
  87. WordPress REST API calls that depend on the WordPress User
  88. Possibility to login without password
  89. Where to store credentials used in a function? [duplicate]
  90. Secure WordPress API, how?
  91. Check for empty username or password on login
  92. Users credentials and syncing from third party with WooCommerce
  93. Password Protected Page + Showing Different Page If Not Authenticated/Authorized
  94. Authentication over CURL
  95. WordPress ReAuth =1 Loop with wpCAS
  96. REST API Integration without user account?
  97. WP REST API with Basic Auth at target website
  98. Rest Api WordPress
  99. Why is SSH password authentication a security risk?
  100. How can I enforce user to use Application password to generate JWT token? [closed]