I'm implementing jwt with wordpress in vueNative App. When i am call the api i am getting the provisional headers are show warning. I am getting the 403 error also .below is my code that i wrote.
axios.post('https://ishopee.in/wp-json/jwt-auth/v1/token',null,{
headers: {
'username': 'nayanjariwala123456789#gmail.com',
'password': 'Baby_0123'
}
})
.then(res => {
console.log("---->SuccessFully Login".res);
})
.catch(err => {
console.log('--->'+err);
})
And This is the request i made from my vue native app
header
Request URL: https://ishopee.in/wp-json/jwt-auth/v1/token
Request Method: POST
Status Code: 403 Forbidden
Referrer Policy: no-referrer-when-downgrade
Response Headers
Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages
Allow: POST
Alt-Svc: quic=":443"; ma=2592000; v="39,43,46", h3-22=":443"; ma=2592000
Cache-Control: no-store, no-cache, must-revalidate
Connection: Keep-Alive
Content-Type: application/json; charset=UTF-8
Date: Wed, 16 Oct 2019 08:33:00 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Link: <https://ishopee.in/wp-json/>; rel="https://api.w.org/"
null: HTTP/1.1 403 Forbidden
Pragma: no-cache
Server: LiteSpeed
Set-Cookie: PHPSESSID=dd9ecfdbdae48539a6bd1d1847d68c1d; path=/
Transfer-Encoding: chunked
X-Android-Received-Millis: 1571214780555
X-Android-Response-Source: NETWORK 403
X-Android-Selected-Protocol: http/1.1
X-Android-Sent-Millis: 1571214777449
X-Content-Type-Options: nosniff
X-Powered-By: PHP/7.1.28
X-Robots-Tag: noindex
Request Header
Provisional headers are shown
Accept: application/json, text/plain, */*
Content-Type: application/x-www-form-urlencoded
password: Baby_0123
username: nayanjariwala123456789#gmail.com
JSON body Seems working i made the below request and now it works
axios.post('https://ishopee.in/wp-json/jwt-auth/v1/token',
{
'username': 'nayanjariwala123456789#gmail.com',
'password': 'Baby_123'
}
})
.then(res => {
console.log("--->SuccessFully Login".res);
})
.catch(err => {
console.log('--->'+err);
})
Related
When making requests to the Google OAuth2 API according to their documentation/guide, I keep getting 401 Unauthorized responses from https://accounts.google.com/oauth2/v4/token even though I swear I'm giving all the required fields:
POST /oauth2/v4/token HTTP/1.1
Host: www.googleapis.com
User-Agent: curl/7.47.0
Accept: */*
Content-Length: 311
Content-Type: application/x-www-form-urlencoded
client_id=REDACTED
&client_secret=REDACTED
&code=REDACTED
&grant_type=authorization_code
&redirect_uri=https%3A%2F%2Flocalhost%2Fsso%3Fredirect%3D%252F
Response:
HTTP/1.1 401 Unauthorized
Content-Type: application/json; charset=utf-8
Vary: X-Origin
Vary: Referer
Date: Wed, 03 Jul 2019 16:14:15 GMT
Server: scaffolding on HTTPServer2
Cache-Control: private
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: quic=":443"; ma=2592000; v="46,43,39"
Accept-Ranges: none
Vary: Origin,Accept-Encoding
Transfer-Encoding: chunked
{
"error": "invalid_client",
"error_description": "Unauthorized"
}
I've checked and triple-checked my client_id, client_secret, authorized hosts and redirect_uri, and looked through similar problems on stack overflow, but nothing seems to work... why is this happening to me :(
It's because Google's guide/documentation are lying to you. That's not the right endpoint, and instead of saying so, it's giving you that extremely unhelpful error message. Hopefully, they'll be made aware of this SO post/answer and fix it. To find out the actual URL to use to obtain an authorization token, you can click on the "Download JSON" button on your credentials' view page on console.developers.google.com, instead of just copy/pasting the client_id and client_secret. Then you'll get something that looks like this:
{
"web": {
"auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
"auth_uri": "https://accounts.google.com/o/oauth2/auth",
"client_id": "REDACTED",
"client_secret": "REDACTED",
"javascript_origins": [
"https://localhost"
],
"project_id": "REDACTED",
"redirect_uris": [
"https://localhost/sso?redirect=%2F"
],
"token_uri": "https://oauth2.googleapis.com/token"
}
}
and there you have it. The REAL token URI.
I was getting following response after making a curl request to an endpoint
HTTP/2 200
date: Mon, 24 Jun 2019 10:11:39 GMT
content-type: text/html; charset=UTF-8
content-length: 1952
server: nginx
x-powered-by: Express
cache-control: public, max-age=0
last-modified: Tue, 21 May 2019 10:11:37 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-xss-protection: 1; mode=block;
accept-ranges: bytes
Ultimately, I don't want accept-ranges: bytes , instead it must be "accept-ranges: none"
I tried following in the nginx configurations
server {
.....
.....
.....
location / {
......
......
max_ranges 0;
proxy_force_ranges on;
......
}
}
What could be the possible issue ?
Did you tried removing "proxy_force_ranges on" ? It enables byte-range support for responses from the proxied server regardless of the “Accept-Ranges” field in these responses.
I have a problem that relates to the authentication with the google.
I followed the tutorials and finally managed to reach google site where I can select the choose an account section. Then I select one and get redirect to the local address: https://localhost:44377/signin-google?state ...
but there I get:
An unhandled exception occurred while processing the request.
Exception: OAuth token endpoint failure: Status: Unauthorized;Headers: Cache-Control: max-age=0, private
Date: Sat, 10 Feb 2018 22:14:21 GMT
Transfer-Encoding: chunked
Accept-Ranges: none
Server: GSE
Vary: X-Origin, Origin, Accept-Encoding
WWW-Authenticate: Bearer realm="https://accounts.google.com/"
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Alt-Svc: hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic=":443"; ma=2592000; v="41,39,38,37,35"
;Body: {
"error": "invalid_client",
"error_description": "Unauthorized"
}
;
Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler+d__12.MoveNext()
Any help in investigating this would be very helpful.
I am trying to create a playlist on my Spotify in R via HTTR and the Spotify API. I can't quite figure out how to structure the POST request however.
This is the POST request I am using in R
HeaderValue = "Authorization Code"
n = "application/json"
response = POST(
'https://open.spotify.com/v1/users/(myuserid)/playlists',
accept_json(),
add_headers(Authorization = HeaderValue, "Content-Type" = n),
body = list(name = "New Playlist1", public = "true"),
encode = 'form',
verbose()
)
This is what the request SHOULD look like from the Spotify API website:
POST /v1/users/121616946/playlists HTTP/1.1
Host: api.spotify.com
Content-Length: 40
Accept-Encoding: gzip, deflate, compress
Accept: application/json
User-Agent: Spotify API Console v0.1
Content-Type: application/json
Authorization: "Authorization Code"
{"name": "New Playlist", "public": true}enter code here
This is what I get in the R Console
POST /v1/users/121616946/playlists HTTP/1.1
Host: open.spotify.com
User-Agent: libcurl/7.43.0 r-curl/1.2 httr/1.2.1
Accept-Encoding: gzip, deflate
Accept: application/json
Authorization: "Authorization Code"
Content-Type: application/json
Content-Length: 32
name=New%20Playlist1&public=true
HTTP/1.1 404 Not Found
Server: nginx
Date: Fri, 25 Nov 2016 19:57:41 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=10
Vary: Accept-Encoding
Cache-Control: no-cache
Content-Encoding: gzip
Tl;Dr: I think my issue is the body of the POST. I don't think I'm formatting it correctly in the call. I may be missing something else though, but I'm not sure what. The Authorization token is fully authorized to do what I am asking it do as well, so that will not be an issue.
I am troubleshooting a problem with a WordPress front-end user login form. The code works great with the same site on a development server, but not on the production server.
On the production server, the authentication passes, and the wp_signon() returns a full user object, however the cookie is not being inserted into the response stream.
The following code demonstrates this:
$user = wp_signon( '', $secure_cookie );
var_dump($user);
When using Fiddler to sniff the packets, this is what is returned by the production server:
HTTP/1.1 302 Found
Server: cloudflare-nginx
Date: Fri, 24 May 2013 07:53:01 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
X-Pingback: http://www.domain.com/blog/xmlrpc.php
X-Frame-Options: SAMEORIGIN
Location: http://www.domain.com/log-in/
Vary: Accept-Encoding,User-Agent
X-Cacheable: YES:FORCED
X-Varnish: 1753703763
Age: 0
Via: 1.1 varnish
X-Cache: MISS
CF-RAY: 73868e9b8da0418
Content-Length: 802
object(WP_User)#329 (7) {
["data"]=>
object(stdClass)#388 (10) {
["ID"]=>
string(2) "53"
["user_login"]=>
string(14) "SubscriberTest"
["user_pass"]=>
string(34) "$P$B8O8w6awJnKrHNoFLOyHJHfKiPE1nt/"
["user_nicename"]=>
string(14) "subscribertest"
["user_email"]=>
string(33) "SubscriberTest#domain.com"
["user_url"]=>
string(0) ""
["user_registered"]=>
string(19) "2013-05-23 05:56:42"
["user_activation_key"]=>
string(0) ""
["user_status"]=>
string(1) "0"
["display_name"]=>
string(14) "SubscriberTest"
}
["ID"]=>
int(53)
["caps"]=>
array(1) {
["subscriber"]=>
bool(true)
}
["cap_key"]=>
string(15) "wp_capabilities"
["roles"]=>
array(1) {
[0]=>
string(10) "subscriber"
}
["allcaps"]=>
array(3) {
["read"]=>
bool(true)
["level_0"]=>
bool(true)
["subscriber"]=>
bool(true)
}
["filter"]=>
NULL
}
The WordPress control panel login still works and the cookie is inserted when signing into the backend.
The production server is also using CloudFlare, but I am not sure if that could be related or not. I have sent a support ticket to Cloud Flare as well, hoping that they can confirm whether their proxy service might be stripping them off.
Here is what the response header portion looks like on my development server when running the same code. In this one you can see that the cookie is being sent:
HTTP/1.1 302 Found
Date: Fri, 24 May 2013 02:18:23 GMT
Server: Apache/2.2.22 (Ubuntu)
X-Powered-By: W3 Total Cache/0.9.2.11
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
X-Pingback: http://domain.com/blog/xmlrpc.php
X-Frame-Options: SAMEORIGIN
Set-Cookie: wordpress_548d950a57c83d7fc5c2eb781062ef26=SubscriberTest%7C1369534704%7C08d4578ca9049beadffa39e0be0ea941; path=/blog/wp-content/plugins; httponly
Set-Cookie: wordpress_548d950a57c83d7fc5c2eb781062ef26=SubscriberTest%7C1369534704%7C08d4578ca9049beadffa39e0be0ea941; path=/blog/wp-admin; httponly
Set-Cookie: wordpress_logged_in_548d950a57c83d7fc5c2eb781062ef26=SubscriberTest%7C1369534704%7Cc41eb224ebec7f57982d0f93e70f7cff; path=/; httponly
Set-Cookie: wordpress_logged_in_548d950a57c83d7fc5c2eb781062ef26=SubscriberTest%7C1369534704%7Cc41eb224ebec7f57982d0f93e70f7cff; path=/blog/; httponly
Location: http://domain.com/
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
I finally discovered that Varnish was running on the production server and it was stripping off the cookies. Once URL exclusions were added, the WP functions started working as expected.