Skip to content

Suggested fixes for use as a WP plugin #7

New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Merged
merged 1 commit into from
Feb 16, 2021
Merged

Suggested fixes for use as a WP plugin #7

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
18 changes: 17 additions & 1 deletion README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -31,8 +31,24 @@ Require the autoloader at some point when `add_action` is available, like in `wp

### Install manually

To install this manually without Compsoer, just download the [latest release ZIP](https://github.com/joshcanhelp/wp-rest-api-auth0/releases) and upload through the admin interface. Please note that this plugin will not update automatically; updates will need to be made by deleting and re-adding (make sure your site is in maintenance mode) or directly via an FTP client (not recommended).
To install this manually without Composer, just download the [latest release ZIP](https://github.com/joshcanhelp/wp-rest-api-auth0/releases) and upload through the admin interface. Please note that this plugin will not update automatically; updates will need to be made by deleting and re-adding (make sure your site is in maintenance mode) or directly via an FTP client (not recommended).

## Testing with Docker

You can get this running to test using Docker [using this Gist](https://gist.github.com/joshcanhelp/0e35b657ca03142e3d79595c28bb3ed7).

### Troubleshooting

If API requsts aren't working, Apache might not be passing authorization headers to PHP. Try adding this line (or similar methods) to `.htaccess`:

```
SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0
```

Also, make sure your WP API endpoint doesn't follow this pattern, where `/index.php/` is required before `/wp-json/`:

```
Example:
https://<your.site>/index.php/wp-json/
```
See [this solution](http://dejanjanosevic.info/remove-index-php-permalink-in-wordpress/) to help resolve this index.php issue.
7 changes: 2 additions & 5 deletions src/wp-rest-api-auth0.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,9 +9,6 @@

namespace JoshCanHelp\WordPress\RestApiAuth0;

use Auth0\SDK\Helpers\Tokens\SymmetricVerifier;
use Auth0\SDK\Helpers\Tokens\TokenVerifier;

add_filter( 'determine_current_user', __NAMESPACE__ . '\\determine_current_user', 10, 1 );

/**
Expand Down Expand Up @@ -49,10 +46,10 @@ function determine_current_user( $user ) {
// If we cannot validate the token for some reason, the request is processed without auth.

// Verify the incoming access token.
$token_verifier = new TokenVerifier(
$token_verifier = new \WP_Auth0_IdTokenVerifier(
'https://' . AUTH0_DOMAIN . '/',
AUTH0_API_AUDIENCE,
new SymmetricVerifier( AUTH0_API_SIGNING_SECRET )
new \WP_Auth0_SymmetricVerifier( AUTH0_API_SIGNING_SECRET )
);

try {
Expand Down