Support » Plugin: Force Login » JWT Authentication

  • Resolved mickepalm

    (@mickepalm)



    Hi there,

    I have some issues with Force Login and JWT. The Force Login locked me out and the add_filter() doesn’t work. If I turned Force Login off all is fine again. Any ideas here?

    /Regards, Micke

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author Kevin Vess

    (@kevinvess)

    Hi– thanks for using Force Login!

    Check out my response to an issue posted on GitHub:
    https://github.com/kevinvess/wp-force-login/issues/35#issuecomment-346231810

    I believe this issue needs to be addressed by the JWT Authentication plugin. That plugin does not pass its authentication result to the rest_authentication_errors filter, which core WordPress and Force Login use to check for authentication.

    An alternative option, if you don’t mind the REST API being publicly accessible, is to remove the v_forcelogin_rest_access filter:

    remove_filter( 'rest_authentication_errors', 'v_forcelogin_rest_access', 99 );
    
    • This reply was modified 5 months ago by  Kevin Vess.
    mickepalm

    (@mickepalm)

    Hi Kevin,

    Yes, I have already test all of this and none is working.

    I think you have right with the plugin does not pass its authentication but when I debug I hit v_forcelogin_rest_access filter and if I comment out the WP_Error line all works.

    The result is null and is_user_logged_in is false coz I need the tokens ID and in this moment I hasn’t login.

    /Regards, Micke

    Plugin Author Kevin Vess

    (@kevinvess)

    That’s correct– when you debug, a WP_Error() is returned when the v_forcelogin_rest_access filter runs because Force Login did not detect an authenticated user at that point.

    However, the issue is caused by the JWT Authentication plugin not passing its authentication result to the rest_authentication_errors filter, which core WordPress and Force Login use to check for authentication.

    The JWT plugin would need to be updated to fix this issue, or you may remove the v_forcelogin_rest_access filter as stated above.

    I recommend you contact their support forum about fixing their plugin.

    Thanks, Good luck!

    mickepalm

    (@mickepalm)

    I agree there!

    They doesn’t have any updated version here but I will see if I can work around it instead.
    I tried to remove the filter with any luck so I try this variant instead and it seems to work perfect.

    add_filter( ‘rest_authentication_errors’, ‘__return_true’ );

    Thanks for the answers …

Viewing 4 replies - 1 through 4 (of 4 total)
  • You must be logged in to reply to this topic.