WP rest api jwt auth

Question

我想在这个插件中使用WP REST API auth：https://github.com/Tmeister/wp-api-jwt-auth

我在POST上使用此req获取令牌：http://localhost/wp_rest/wp-json/jwt-auth/v1/token

但我无法发布邮寄请求： 本地主机/ wp_rest /可湿性粉剂JSON / WP / V2 /讯息

我收到错误 403 ：

{
    "code": "rest_forbidden"
    "message": "You don't have permission to do this."
    "data": {
        "status": 403
    }
}

在我的标题中，我有这个：

Authorization: Bearer
eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwOlwvXC9sb2NhbGhvc3RcL3dwX3Jlc3QiLCJpYXQiOjE0NTAzNDEwMTgsIm5iZiI6MTQ1MDM0MTAxOCwiZXhwIjoxNDUwOTQ1ODE4LCJkYXRhIjp7InVzZXIiOnsiaWQiOiIxIn19fQ.rGNPsU4EocClWLYWaSDs1hDJMODszg-eKfqnKSEsiw0

我尝试使用localhost / wp_rest / wp-json / jwt-auth / v1 / token / validate但我收到此错误：

{
    "code": "jwt_auth_no_auth_header",
    "message": "Authorization header not found.",
    "data": {
        "status": 403
    }
}

有什么想法吗？

Answer 1

您的请求中似乎没有包含授权标头。您需要在请求标头中添加'Authorization': 'Bearer PLACE_TOKEN_HERE'。

作为样本：

var req = {
    method: 'POST',
    url: window.location.href + 'wp-json/wp/v2/posts',
    headers: {
      'Authorization': 'Bearer ' + TOKEN_GOES_HERE
    }
    data: DATA TO PASS GOES HERE
}
$http(req);

Answer 2

如果Leo Gono和Tunaki提供的答案仍然无法解决您的问题，请确保您已.htaccess添加RewriteEngine on RewriteCond %{HTTP:Authorization} ^(.*) RewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1] 如果您正在使用public void prepare(Map arg0, TopologyContext context, OutputCollector collector) { httpclient = HttpAsyncClients.createDefault(); httpclient.start(); _collector = collector; } public void execute(Tuple tuple) { try{ if( !isTickTuple(tuple) ) { data = (data)tuple.getValueByField("source"); httpCall(data,"http://"); } }catch(Exception e){ logger.warn(e.getMessage()); if(logger.isDebugEnabled())logger.debug(e.getMessage(),e); }finally{ _collector.ack(tuple); } } public void httpCall(String data,String url) { HttpPost postRequest = new HttpPost(url); HttpEntity httpEntity = null; //CloseableHttpAsyncClient httpclient = HttpAsyncClients.createDefault(); postRequest.addHeader("content-type", "application/json"); postRequest.setEntity(httpEntity); HttpAsyncRequestProducer producer = HttpAsyncMethods.create(postRequest); AsyncCharConsumer<HttpResponse> consumer = new AsyncCharConsumer<HttpResponse>() { HttpResponse response; @Override protected void onResponseReceived(final HttpResponse response) { this.response = response; } @Override protected void onCharReceived( CharBuffer buf, IOControl ioctrl) throws IOException { // Do something useful } @Override protected void releaseResources() { } @Override protected HttpResponse buildResult( HttpContext context) { return this.response; } }; httpclient.execute(producer, consumer, new FutureCallback<HttpResponse>() { @Override public void completed(HttpResponse response) { int responseCode = response.getStatusLine().getStatusCode(); if(logger.isDebugEnabled())logger.debug("Response code::"+responseCode ); if (responseCode == HttpServletResponse.SC_OK) { HttpEntity entity = response.getEntity(); try { String data = EntityUtils.toString(entity, "UTF-8"); if(logger.isDebugEnabled())logger.debug("Response string"); updatedata(data); } catch (ParseException e) { e.printStackTrace(); } catch (IOException e) { e.printStackTrace(); } } if(logger.isDebugEnabled())logger.debug("completed Method:::: "+response.toString()); } @Override public void failed(Exception ex) { if(logger.isDebugEnabled())logger.debug("!!! Async http request failed!", ex); } @Override public void cancelled() { if(logger.isDebugEnabled())logger.debug("Async http request canceled!"); } }); } 阿帕奇：

String data = EntityUtils.toString(entity, "UTF-8"); 

确保将这些行放在最后一行之前，使用＆＃34; [L]＆＃34;在你的.htaccess中，否则它不会得到处理。

授权标头可能被框架设置的服务器丢弃。 （我必须改变Laravel的htaccess）

Answer 3

我在设置相同的插件时遇到了类似的问题，因此我创建了一个视频，详细说明了我为快速启动测试环境，安装插件，执行插件工作所需的设置以及验证其功能所遵循的流程。

这是：https://youtu.be/Mp7T7x1oxDk

Answer 4

我有完全相同的问题。我的解决方案很简单。

使用该工具（在我的情况下是postman（https://www.getpostman.com）），我选择手动添加Authentication标头（强制标头）。您可能希望在使用代码时手动设置它，在HTTP标头部分下（不是作为参数，以防万一:)）。

亲切的问候， 莱因哈德