Basic Authentication handler for the JSON API, used for development and debugging purposes

Overview

Basic Authentication handler

This plugin adds Basic Authentication to a WordPress site.

Note that this plugin requires sending your username and password with every request, and should only be used over SSL-secured connections or for local development and testing. Without SSL we strongly recommend using the OAuth 1.0a authentication handler in production environments.

Installing

  1. Download the plugin into your plugins directory
  2. Enable in the WordPress admin

Using

This plugin adds support for Basic Authentication, as specified in RFC2617. Most HTTP clients will allow you to use this authentication natively. Some examples are listed below.

cURL

curl --user admin:password https://example.com/wp-json/

WP_Http

$args = array(
	'headers' => array(
		'Authorization' => 'Basic ' . base64_encode( $username . ':' . $password ),
	),
);

node-wpapi

const WPAPI = require('./wpapi')
const wp = new WPAPI({
    endpoint: 'https://example.com/wp-json',
    username: 'editor',
    password: 'password'
});
Comments
  • Not working since WP 4.4?

    Not working since WP 4.4?

    Hey guys,

    Just wondering if this plugin is supposed to work with WP 4.4. Seems like it has not been updated for a while, one filter has changed and by trying to debug it I feel like it is not mean to work with the latest version of WP. I might be wrong but I want to make sure. Thanks!

    opened by jordymeow 4
  • if bad username and login are provided while using wp api v2, this co…

    if bad username and login are provided while using wp api v2, this co…

    …mmit makes it so it also shows an error like it did with wp api v1. Because currently if you're using this plugin with WP API v2, it mostly works. Except if you provide a bad username and password combination, there is no error message like there was working with wp api v1. This can be troublesome if, for example, logged in admins can see all users, whereas someone who's not logged in can only see a subset.

    opened by mnelson4 3
  • Fix basic auth

    Fix basic auth

    1. Basic auth doesn't work by direct url in browser (try url like http://wp.lo/wp-json in browser)
    2. Basic auth doesn't work for wp api v2 (https://github.com/WP-API/WP-API) in cases:
    • curl -i --user user:pass http://wp.lo/wp-json/
    • curl -i --user not_exists_user:pass http://wp.lo/wp-json/
    • curl -i http://wp.lo/wp-json/
    opened by distroid 3
  •  you can use basic auth AND be logged into the browser

    you can use basic auth AND be logged into the browser

    addresses #12 in WP-API/Basic-Auth. Just required that the basic-auth take a stab at finding the current user, and if it does find the current user, then it we shouldn't have the cookie method try finding the current user separately (where it would overwrite what we've found). I've been using this while logged into my browser and using basic auth.

    opened by mnelson4 3
  • discovery in index

    discovery in index

    Basic Auth is mentioned as a way to authenticate on http://v2.wp-api.org/guide/authentication/, and it's mentioned that you should be able to discover what authentication methods are available on http://v2.wp-api.org/guide/discovery/. So should the basic auth plugin add an entry into the index's "authentication" response property? It seems to me like it should (and I'm happy to make a pull request)

    opened by mnelson4 2
  • Basic Auth seems to be broken in Wordpress 4.7.2

    Basic Auth seems to be broken in Wordpress 4.7.2

    Since upgrading to 4.7.2 any post requests to the site trigger a 401 response. I have noticed others having the same issue. Has this plugin been abandoned?

    {
      "code": "rest_cannot_create",
      "message": "Sorry, you are not allowed to create posts as this user.",
      "data": {
        "status": 401
      }
    }
    
    opened by roryashfordbentley 1
  • Make Basic-Auth part of wordpress plugins for http://wpackagist.org/

    Make Basic-Auth part of wordpress plugins for http://wpackagist.org/

    Problem

    http://wpackagist.org/ is modernizing how we control our plugins via composer. As such, I think it would be beneficial to allow this plugin to be downloaded from wordpress.

    I'm sure this was considered but perhaps put off due to specific needs. I just want an issue revolving around this particular subject.

    Discussion

    I did circumvent the need by adding composer-installer to this module #19 . By doing so, we give control to the project owner to define where they want basic-auth to install to. That is a custom plugins folder.

    opened by justinpage 1
  • Authentication happening if no auth header is sent.

    Authentication happening if no auth header is sent.

    If basic auth is used, we need to return null for json_basic_auth_error. Right now, if basic auth isn't used, we just assume the user is authenticated even if no authentication method has been used.

    To confirm this bug, view /posts/?context=edit (without sending a nonce) while the Basic Auth plugin is enabled. You will see posts when you shouldn't.

    opened by tlovett1 1
  • If cookies are enabled Basic Auth doesn't work

    If cookies are enabled Basic Auth doesn't work

    The request returns the following when base64 encoded Authorization is sent:

    {
    "code":"json_not_logged_in",
    "message":"You are not currently logged in."
    }
    
    opened by BronsonQuick 1
  • is this working in wordpress 6.0?

    is this working in wordpress 6.0?

    I updated the wordpress to new version and basic auth doesnt working anymore

    im using basic auth and this headers: Authorization => Basic base64_encode(username : password)

    Im reciving unauthorized response

    opened by vinibgoulart 0
  • register_rest_route (Custom Route)

    register_rest_route (Custom Route)

    Hello, I've been trying to make a basic auth for a custom route that I made but couldn't find how to do so.

    Here's my code:

    function AllPostsByDESCDate( $data ) { $posts = get_posts(array( 'posts_per_page' => 10, 'paged' => $data['paged'], 'orderby' => 'post_date', 'order' => 'DESC', 'post_type' => array( 'post', 'page', 'custom-post-type' ), // custom post types 'post_status' => 'publish', 'suppress_filters' => true ));

    if ( empty( $posts ) ) { return null; }

    return $posts; }

    I can send a get http request without Basic Auth while sending an http request to wp-prefix/v2/posts requires me to Basic Auth.

    register_rest_route( 'wp-prefix/v2', '/AllPostsByDESCDate/(?P[a-zA-Z0-9-]+)', array( 'methods' => 'GET', 'callback' => 'AllPostsByDESCDate' ) );

    I'm using REST API TOOLBOX (https://he.wordpress.org/plugins/rest-api-toolbox/) to choose which endpoint requires an auth

    opened by yogevlahyani 0
  • 414 Request-URI Too Large The request URL is over the maximum size allowed!

    414 Request-URI Too Large The request URL is over the maximum size allowed!

    i try {{site}}/wp-json/wp/v2/posts/24?content=long_text_url_encode

    why got error 414 Request-URI Too Large The request URL is over the maximum size allowed!

    can you give me solution? thanks

    opened by wulandrima1 0
  • Axios Authentication WP-API

    Axios Authentication WP-API

    Trying WP API by Nodejs by Axios but getting Authentication issue

    curl -i  -X POST \ -H --user admin:pass -H "Content-Type: application/json" -d '{"title":"POST TWO","content":"Two","status":"publish"}' http://www.test.localhost/?rest_route=/wp/v2/projects
    

    Code in Image image

    const express = require("express")
    const axios = require("axios")
    const app = express()
    axios.defaults.baseURL = 'http://www.test.localhost/?rest_route=';
    app.get("/",(req,res)=>{
    	axios({
    		method:"POST",
    		headers:{
    			'Content-Type': 'application/json;charset=utf8',
          		'Authorization':'Basic YWRtaW46cGFzcw=='
      		},
    		url:'/wp/v2/projects',
    		data:{"title":"POST three","content":"Two","status":"publish"},
    
    	}).then(data=>{
    		res.send(data)
    	}).catch(err=>{
    		console.log(err)
    		res.send(err)
    	})
    })
    app.listen(8000,()=>{
    	console.log(`localhost:8000`)
    })
    

    working on CURL image

    working on POSTMAN image

    Getting this error

    TypeError: Converting circular structure to JSON
        --> starting at object with constructor 'ClientRequest'
        |     property 'socket' -> object with constructor 'Socket'
        --- property '_httpMessage' closes the circle
        at JSON.stringify (<anonymous>)
        at stringify (/home/tech/Desktop/Project/role/node_modules/express/lib/response.js:1128:12)
        at ServerResponse.json (/home/tech/Desktop/Project/role/node_modules/express/lib/response.js:260:14)
        at ServerResponse.send (/home/tech/Desktop/Project/role/node_modules/express/lib/response.js:158:21)
        at /home/tech/Desktop/Project/role/index.js:18:7
        at processTicksAndRejections (node:internal/process/task_queues:96:5)
    
    
    opened by techhjork 0
  •  Your WooCommerce Consumer Key and Consumer Secret are not authorised

    Your WooCommerce Consumer Key and Consumer Secret are not authorised

    No matter what I try I can't complete troubleshooter for AppMySite as it says "Your WooCommerce Consumer Key and Consumer Secret are not authorised." How does it authorise? Screenshot 2021-05-05 at 01 27 25

    opened by ChampagneProductions 1
  • ReCaptcha Error

    ReCaptcha Error

    Hi all, I am on the latest wordpress version so this may be the issue, however I get an recaptcha error every time I try to use Postman to log into to upload images.

    Here is the return when I use basic auth as the authorization. { "code": "recaptcha_error", "message": "<strong>The reCAPTCHA wasn't entered correctly. Please try it again.</strong>", "data": null }

    What could I do?

    opened by premudeshi 0
  • Login Warning

    Login Warning

    I have implemented this plugin. It works great for non logged in user but for logged in user used via Postman, it shows the following. Could you please help solve this. I have latest wordpress install till date.

    Login Warning There was an issue with your log in. Your user account has logged in recently from a different location.

    opened by abcajax 6
Owner
WordPress REST API Team
WordPress REST API Team
It's a Laravel 8 authentication markdown that will help you to understand and grasp all the underlying functionality for Session and API Authentication

About Auth Starter It's a Laravel 8 authentication markdown that will help you to understand and grasp all the underlying functionality for Session an

Sami Alateya 10 Aug 3, 2022
PSR-7 and PSR-15 HTTP Basic Authentication Middleware

PSR-7 and PSR-15 Basic Auth Middleware This middleware implements HTTP Basic Authentication. It was originally developed for Slim but can be used with

Mika Tuupola 430 Dec 30, 2022
This is a basic Oauth2 authorization/authentication server implemented using Mezzio.

Mezzio-OAuth2-Authorization-Authentication-Server This is a basic OAuth2 authorization/authentication server implemented using Mezzio. I have found so

null 1 Nov 15, 2022
A simple library to work with JSON Web Token and JSON Web Signature

JWT A simple library to work with JSON Web Token and JSON Web Signature based on the RFC 7519. Installation Package is available on Packagist, you can

Luís Cobucci 6.8k Jan 3, 2023
phpCAS is an authentication library that allows PHP applications to easily authenticate users via a Central Authentication Service (CAS) server.

phpCAS is an authentication library that allows PHP applications to easily authenticate users via a Central Authentication Service (CAS) server.

Apereo Foundation 780 Dec 24, 2022
It's authorization form, login button handler and login to your personal account, logout button

Authorization-form It's authorization form, login button handler and login to your personal account, logout button Each file is: header.php - html-fil

Galina 2 Nov 2, 2021
🔐 JSON Web Token Authentication for Laravel & Lumen

Documentation Documentation for 1.* here For version 0.5.* See the WIKI for documentation. Supported by Auth0 If you want to easily add secure authent

Sean Tymon 10.7k Dec 31, 2022
🔐 JSON Web Token Authentication for Laravel & Lumen

Credits This repository it a fork from original tymonsdesigns/jwt-auth, we decided to fork and work independent because the original one was not being

null 490 Dec 27, 2022
Laravel Passport is an OAuth2 server and API authentication package that is simple and enjoyable to use

Introduction Laravel Passport is an OAuth2 server and API authentication package that is simple and enjoyable to use. Official Documentation Documenta

The Laravel Framework 3.1k Dec 31, 2022
HTTP Basic Auth Guard for Lumen 5.x

HTTP Basic Auth Guard HTTP Basic Auth Guard is a Lumen Package that lets you use basic as your driver for the authentication guard in your application

Christopher Lass 40 Nov 11, 2022
Configurable Basic Auth based on Pimcore Documents

CORS Property Basic Auth This bundles allows to add basic auth based on Properties on Pimcore Documents. Simply use these properties password_enabled

CORS GmbH 1 Nov 12, 2021
PHP OpenID Connect Basic Client

PHP OpenID Connect Basic Client A simple library that allows an application to authenticate a user through the basic OpenID Connect flow. This library

Michael Jett 469 Dec 23, 2022
Stateless HTTP basic auth for Laravel without the need for a database.

Laravel Very Basic Auth Documentation available in: ???? English ???? 日本語 This package allows you to add a HTTP Basic Auth filter on your routes, with

Marcus Olsson 141 Dec 31, 2022
API stubs for developing a plugin that provides a 2FA authentication factor in JobRouter®.

Authentication Factor API JobRouter® is a scalable digitisation platform which links processes, data and documents. Starting with JobRouter® 5.2, a se

JobRouter 4 Nov 4, 2021
This repository includes a sample project to illustrate the usage of the JobRouter® Authentication Factor API.

JR 2FA Example Plugin This repository includes a sample project to illustrate the usage of the JobRouter® Authentication Factor API. It can be used as

JobRouter 4 Sep 10, 2021
Authentication REST-API built with Lumen PHP Framework

Authentication REST-API built with Lumen PHP Framework Laravel Lumen is a stunningly fast PHP micro-framework for building web applications with expre

Hüseyin Yağlı 1 Oct 12, 2021
Laravel passport authentication API endpoints

Basic sample code for Laravel/Passport to authenticate users via API

Devdreamsolution 2 Oct 19, 2021
Laravel JWT-Authentication API starter kit for rapid backend prototyping.

Laravel JWT API A Laravel JWT API starter kit. Features Laravel 8 Login, register, email verification and password reset Authentication with JWT Socia

Oybek Odilov 3 Nov 6, 2022
Single file PHP that can serve as a JWT based authentication provider to the PHP-CRUD-API project

Single file PHP that can serve as a JWT based authentication provider to the PHP-CRUD-API project

Maurits van der Schee 163 Dec 18, 2022