Hi @divv
Thank you for using our plugin and sorry for the late response. It took some time to dig into this.
For now I have a quick-fix for you, while we add this to our to-do list to see how we can better support this kind of authentication. The quick-fix involves you editing the mu-plugin that was installed by the WP REST Cache plugin, so I hope you are comfortable doing that?
Go to /wp-content/mu-plugins/wp-rest-cache.php
and add the following lines directly after line 24 (so after the line if ( is_plugin_active( 'wp-rest-cache/wp-rest-cache.php' ) ) {
):
if ( is_plugin_active( 'wp-rest-api-authentication/miniorange-api-authentication.php' ) ) {
include_once ABSPATH . '/wp-settings.php';
wp_cookie_constants();
include_once ABSPATH . WPINC . '/pluggable.php';
include_once WP_PLUGIN_DIR . '/wp-rest-api-authentication/admin/class-miniorange-api-authentication-admin.php';
$mo = new \Miniorange_API_Authentication_Admin( 'miniorange-api-authentication', '1.0.0' );
$mo->mo_api_auth_initialize_api_flow();
}
Please let us know if it works for you!
N.B. I also did see the solution posted by miniOrange in this topic you opened for their plugin. Although it might solve the problem of showing the endpoints unauthenticated, it also disables caching for those endpoints.
Thread Starter
divv
(@divv)
My development halted here so I eventually reached for another solution regarding authentication, so I will still be using your plugin!
Since I’m using another API on my backend I decided to proxy all requests to WP through that other API which itself has JWT authentication.
Then I just block any incoming requests from outside to /wp-json
. My other API can reach this location through Basic auth which is safe enough since the calls are all done internally.
This is how I done for Apache if someone else is interested. Not the best solution but it will do for now.
<Location "/wp-json">
AuthType Basic
AuthName "Restricted Access"
AuthUserFile /etc/apache2/.htpasswd
Require valid-user
</Location>
Thread Starter
divv
(@divv)
Oh, forgot to mention that you will need this as well
https://github.com/WP-API/Basic-Auth
Hi @divv
Thank you for your feedback, this might help other people searching through this topic 🙂