• Resolved srothweiler

    (@srothweiler)


    Hello,

    I am using the Force Login plugin together with WooCommerce and the official WooCommerce mobile app.

    The WooCommerce app works correctly when Force Login is disabled. As soon as Force Login is enabled, the app can no longer connect to my store.

    WooCommerce Support informed me that the required REST API endpoints need to remain accessible and suggested configuring Force Login so that the REST API (/wp-json/) is excluded from the login requirement.

    Could you please provide a code snippet or configuration that allows the REST API endpoints (/wp-json/) to remain accessible while Force Login stays active?

    My goal is to keep the frontend login requirement enabled so that visitors are still redirected to the login page as usual, while the WooCommerce mobile app can access the required REST API endpoints and connect successfully.

    Thank you for your help.

    The page I need help with: [log in to see the link]

Viewing 2 replies - 1 through 2 (of 2 total)
  • Thread Starter srothweiler

    (@srothweiler)

    Hello,

    I did some further testing and found the following:

    • The WooCommerce mobile app connects successfully when Force Login is disabled.
    • The connection fails immediately when Force Login is enabled.
    • /wp-json/ is accessible and returns valid JSON.
    • The REST API output contains the authentication.application-passwords.endpoints.authorization entry and correctly points to /wp-admin/authorize-application.php.
    • authorize-application.php works correctly in the browser when logged in as an administrator.
    • XML-RPC is working.
    • HTTPS is working.
    • I also tested bypassing the rest_authentication_errors restriction, but the WooCommerce app still could not connect.

    Based on these tests, it appears that the issue is not simply that the REST API is blocked. It seems that Force Login is intercepting or redirecting an authentication request used by the WooCommerce mobile app during the application password authorization process.

    Could you please advise which additional endpoint(s) or request(s) used by the WooCommerce mobile app need to be excluded via v_forcelogin_bypass?

    Plugin Author Kevin Vess

    (@kevinvess)

    Check out this related support thread:
    https://wordpress.org/support/topic/blocking-rest-api/

    Thanks!

Viewing 2 replies - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.