TechQA.

401 Unauthorized with Wordpress Basic Auth Plugin

23k views Asked by At

I have installed the plugin made by the Wordpress Team: https://github.com/WP-API/Basic-Auth

I am making this request with Wordpress 4.9.4:

GET http://somehostname.com/index.php?rest_route=%2Fwp%2Fv2%2Fposts&per_page=100&page=2&context=edit HTTP/1.1
Host: somehostname.com
Authorization: Basic [****base64encoded username+":"+pass *******]
Accept-Encoding: gzip, deflate
User-Agent: [some user agent name]

Response:

HTTP/1.1 401 Unauthorized
Date: Tue, 13 Feb 2018 14:26:12 GMT
Server: Apache
X-Powered-By: PHP/7.1.12
X-Robots-Tag: noindex
Link: <http://somehostname.com/wp-json/>; rel="https://api.w.org/"
X-Content-Type-Options: nosniff
Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages
Access-Control-Allow-Headers: Authorization, Content-Type
Vary: Accept-Encoding,User-Agent
Content-Length: 127
Content-Type: application/json; charset=UTF-8

{"code":"rest_forbidden_context","message":"Sorry, you are not allowed to edit posts in this post type.","data":{"status":401}}
wordpress wordpress-rest-api wordpress-json-api wordpress-admin
Original Q&A
6

There are 6 answers

0
d0kt0r1 On BEST ANSWER

I got this fixed just now by doing as this comment is suggesting: Fix for basic OAuth Not sure if this fix has any side effects though?

4
Cameron Hurd On

I'm inferring from your question that this is not supposed to be happening. You're expecting some response code that is not of the 4xx variety.

From the title: "401 Unauthorized with Wordpress Basic Auth Plugin", I'm also making a leap, but it's possible that you're thinking that the plugin is not allowing you to access that route in any sense.

So, with that in mind, I'd like to point out that the error data is telling you something pretty precise: that user isn't allowed to edit posts of that type. That's not the same as that user's credentials are invalid.

{
    "code": "rest_forbidden_context",
    "message": "Sorry, you are not allowed to edit posts in this post type.",
    "data": {
        "status": 401
    }
}

Try confirming that the user whose credentials you're supplying in the [****base64encoded username+":"+pass *******] format is an admin/author/editor (or other role) that has permission to edit posts of the type you're trying to access.

Edit: See this line of the WP-API, where that error is likely originating

0
Krishna thakor On

Please add the following code on your htaccess file.

RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1]

and if you logged in as a wordpress admin right now than it will not allow you to create a post so first logout from wordpress admin and than try to make a request.

These two solutions had solved my problem.

0
billyqureshi On

I fixed the auth issue by following this very brief advice

https://github.com/WordPress/application-passwords/wiki/Basic-Authorization-Header----Missing

I also had to move the wordpress block up to the top of the htaccess

0
Tayyab Chaudhary On

I have fixed this issue by the following steps:

  1. Verify, if the password protected plugin installed, then
  2. Goto Password protected plugin's settings
  3. Check 'Allow REST API Access'
  4. Save Changes

enter image description here enter image description here

0
Arya Aniket On

You can add this snippet in .htaccess to solve this error

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule .* - [E=REMOTE_USER:%{HTTPS:Authorization}]
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress

Related Questions in WORDPRESS

Related Questions in WORDPRESS-REST-API

Related Questions in WORDPRESS-JSON-API

Related Questions in WORDPRESS-ADMIN

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json

Trending Questions