Support » Plugin: WP OAuth Server (OAuth Authentication) » Problem Using Postman and WP REST API

Viewing 10 replies - 1 through 10 (of 10 total)
  • I tried modifying my .htaccess file but the website does not work:

    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ – [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    #RewriteRule .* – [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
    RewriteRule . /index.php [L]
    </IfModule>

    # END WordPress

    Plugin Author Justin Greer

    (@justingreerbbi)

    Forum Moderator

    Have you removed the # in the .htaccess file? Even though you are using the grant type user credentials (password), you must still pass the client_id and secret for the application in the header or the body as well.

    Note: All grant types other than Auth Code is only for licensed users which is not covered here.

    I have created a user of WordPress:

    name: ‘maradona’ (with permission of the author)
    password: ‘GD5xxx’

    and I included in body (Postman)

    grant_type: ‘password’
    username: ‘maradona’
    password: ‘xxxx’

    see link

    Then I created in OAuth Server> Clients> Add New Clients the client:

    name: ‘maradona’
    client_id: ‘w0PRPx’
    secret: ‘rl7xx’

    and I entered into the Postman Authorization tab:

    Username: ‘w0PRPx’
    Password: ‘rl7xx’

    Then I run ‘Update Request’ and created me the key header.

    see link

    Finally I ran the ‘Send’ to make the POST and responded with the error ‘invalid_client’, error_description: “Clients were not found in the headers or body.”

    In the .htaccess file I tried to insert ‘RewriteRule. * – [E = HTTP_AUTHORIZATION:% {HTTP: Authorization}]’ (uncommented) after RewriteBase, then even after RewriteCond and RewriteRule after, but does not work the layout and after I performed the ‘Send’ I have the same error.

    Vincenzo

    [please do not share credentials. It is very dangerous! ;)]

    Plugin Author Justin Greer

    (@justingreerbbi)

    Forum Moderator

    When you check the server status tab what doe the CGI line say?

    Plugin Author Justin Greer

    (@justingreerbbi)

    Forum Moderator

    Please not that there is a different between the following.

    client_id is not the user name and the secret is not the password. When you pass the username and password field, use the users username and password.

    pass client_id = client_id
    client_secret = client_secret in the body as well if you would like.

    it looks like you are mixing values.

    Following the link
    https://wp-oauth.com/kb/header-authorization-basic-may-not-work-expected/
    I should:
    … 3.Send client_id and client_secret post as a parameter in the body instead of using Basic Auth.

    If (Postman) modify the Username and Password fields of the Authorization Tab (Type: Basic Auth), and instead of client_id and secret (client: ‘maradona’) insert username and password (user: ‘maradona’), after ‘send ‘I do not receive the token and gives me the same answer
       “Error”: “invalid_client”
       “Error_description”: “Client credentials were not found in the headers or body”

    see link
    http://chiptown.it/wp-content/uploads/2016/04/Schermata-2016-04-26-alle-10.20.06.png

    Plugin Author Justin Greer

    (@justingreerbbi)

    Forum Moderator

    If (Postman) modify the Username and Password fields of the Authorization Tab

    If you server is running CGI then the auth headers are not being read by the server thus making the auth tab useless in postman.

    Following the link
    https://wp-oauth.com/kb/header-authorization-basic-may-not-work-expected/
    I should:
    … 3.Send client_id and client_secret post as a parameter in the body instead of using Basic Auth.

    This is correct. You must also send the username and password as well.

    I have added an export of user credentials for CGI servers at https://wp-oauth.com/kb/using-postman-and-wp-rest-api/. You can find the zip for download at the very bottom of the article under “Notes’

    Wow! The problem is solved 🙂

    i have modified my .htaccess file:

    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ – [L]
    RewriteCond %{HTTP:Authorization} .
    RewriteRule .* – [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>
    # END WordPress

    I have deleted client_id and secret from the Postman Authorization tab,
    and i have included into the keys of the body tab.

    view link:

    http://chiptown.it/wp-content/uploads/2016/04/ForJustinGreer.png

    Thanks! 😀

    Plugin Author Justin Greer

    (@justingreerbbi)

    Forum Moderator

    Glad it is working for you know! Please let mew know if you need anything else.

    Adding the string “Header always set Access-Control-Allow-Headers: Authorization” in the .htaccess file, now also reads the header! 😀

    view link

    My .htaccess file:

    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    Header always set Access-Control-Allow-Headers: Authorization
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ – [L]
    RewriteCond %{HTTP:Authorization} .
    RewriteRule .* – [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>
    # END WordPress

Viewing 10 replies - 1 through 10 (of 10 total)
  • The topic ‘Problem Using Postman and WP REST API’ is closed to new replies.