Support » Plugin: Force Login » Using this plugin for REST API

  • Resolved finderlars

    (@finderlars)


    Hello,

    I’m developing a mobile app using WP as backend with its REST API. I’m restricting content using your plugin and combining it with this JWT auth plugin. I couldn’t find a way to whitelist the endpoints of the api using your plugin.

    I tried to apply the filter as you mentioned in FAQ, but it didn’t work:

    function my_forcelogin_whitelist( $whitelist ) {
      $whitelist[] = home_url( '/wp-json/jwt-auth/v1/token/' );
      $whitelist[] = home_url( 'wp-json/jwt-auth/v1/token/validate' );
      return $whitelist;
    }
    add_filter( 'v_forcelogin_whitelist', 'my_forcelogin_whitelist' );

    I also will need to make “reset password” and user creation endpoints public. Could you please tell me what am i doing wrong?

    PS: i won’t use wordpress as front-end at all. We’re using 100% backend only.

    Thanks in advance.

    • This topic was modified 2 months, 1 week ago by finderlars.
    • This topic was modified 2 months, 1 week ago by finderlars.
Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author Kevin Vess

    (@kevinvess)

    Hi– thanks for using Force Login!

    Check out my response to this similar support post:
    https://wordpress.org/support/topic/jwt-authentication/

    Hello, Kevin

    Thanks for your reply. It is strange that nothing changed since your reply to that other post, considering it is a very used JWT plugin.

    Are you aware of any other JWT plugin that can be works well with yours? Unfortunately, i can’t solve this by removing the filter.

    Thanks!

    Plugin Author Kevin Vess

    (@kevinvess)

    Unfortunately, this is an issue with the JWT Authentication plugin. It does not pass its authentication result to the rest_authentication_errors filter which would be consistent with core handling.

    You’ll need to coordinate with JWT Authentication to fix this issue.

    The best advice or direction I can give on this issue is listed in that similar thread; you need to have JWT pass its authentication result to the rest_authentication_errors filter.

    Instead of removing the v_forcelogin_rest_access filter, you could write your own function that hooks into the rest_authentication_errors filter to pass the JWT Authentication result.

    If you do find a solution to this, please share it here in case it’s helpful to others.

    Thanks, good luck!

Viewing 3 replies - 1 through 3 (of 3 total)
  • You must be logged in to reply to this topic.