
Auth button fails

Open callerc1 opened this issue 11 years ago • 11 comments

When I hit the auth button the /oauth1/request returns a 400 (Bad Request) error.

callerc1 avatar Jun 24 '14 11:06 callerc1

Same pb

flashimage avatar Jul 08 '14 21:07 flashimage

This is likely a server configuration issue. I've also run into the 400 Bad Request error (setup with MAMP). When I look at the actual response from the OAuth1 plugin it states that OAuth parameters are missing. On some server configurations (when PHP is run as a FastCGI module for example) Authorization headers are apparently stripped, and the request method of the OAuth1 plugin therefore doesn't receive the required $_SERVER['HTTP_AUTHORIZATION'] key.

A quick fix appears to be this line inserted at the top of the .htaccess file of the WordPress installation containing the OAuth1 plugin:

RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

mensch avatar Aug 30 '14 12:08 mensch

I get this same error too.

I also get:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://{{domain.net}}/oauth1/request. This can be fixed by moving the resource to the same domain or enabling CORS.

Weird thing is, I am testing on http://{{domain.net}}:3000...

I tried using this plugin: https://github.com/thenbrent/WP-API-CORS ... I found out this plugin returns the headers, but it doesn't have anything to do with when you send the headers.

These are the headers sent:

Accept text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding gzip, deflate
Accept-Language en-US,en;q=0.5
Access-Control-Request-He... authorization
Access-Control-Request-Me... POST
Cache-Control no-cache
Connection keep-alive
Host hotel.dev.cittando.net
Origin http://{{domain.net}}:3000
Pragma no-cache
User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:32.0) Gecko/20100101 Firefox/32.0

Do I need any allow headers? Maybe this is part of the problem?

By the way, I tried your quick fix and it did not work.

ghost avatar Oct 01 '14 00:10 ghost

Also, I don't know if this is the same issue, but when there is an error, the button shows as "Authenticated!" when it isn't.

ghost avatar Oct 01 '14 00:10 ghost

Are both the client and OAuth server on the same domain (both running on http://{{domain.net}}:3000)?

mensch avatar Oct 06 '14 08:10 mensch

They are not. One is running on http://domain.net and the other on http://domain.net:3000. But I don't want them running on the same server.

ghost avatar Oct 06 '14 13:10 ghost

I believe the CORS plugin you mentioned should take care of unblocking the Cross-Origin Request on the side of the OAuth1. If you have access to the Apache configuration on your testing server you might be able to enable CORS in one of the .conf files. Also, the Authorization header appears to be missing from the headers you've posted.

mensch avatar Oct 06 '14 14:10 mensch

Same problem here too. I have tried the methods for changing the .htaccess files; they didn't work for me. The error I received was:

No oauth parameters supplied.

If I do not make any changes to the .htaccess files, the error I receive is:

Remote Address:108.59.9.164:80
Request URL:http://api.examplewebsite.com/oauth1/request
Request Method:OPTIONS
Status Code:400 Bad Request

Request Headers
Accept:*/*
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8,zh-CN;q=0.6,zh;q=0.4,zh-TW;q=0.2
Access-Control-Request-Headers:authorization, content-type
Access-Control-Request-Method:POST
Cache-Control:no-cache
Connection:keep-alive
Host:api.extensionslab.com
Origin:http://localhost:8888
Pragma:no-cache
Referer:http://localhost:8888/wpapptheme/api-console-master/
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.124 Safari/537.36

Response Headers
Connection:keep-alive
Content-Type:text/html; charset=UTF-8
Date:Wed, 08 Oct 2014 15:46:21 GMT
Server:nginx
Transfer-Encoding:chunked
X-Pingback:http://api.examplewebsite.com/xmlrpc.php

I've also tried using the CORS plugin, but same error as above too.

How do I fix the error?

Background information: The API-Console code is hosted on http://examplesite.com while the WordPress (and WP-API) is hosted on http://api.examplesite.com

Thanks!

EugeneLiang avatar Oct 08 '14 13:10 EugeneLiang
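
Added example, not part of the thread and not code from the OAuth1 plugin or the CORS plugin: the request posted above is a CORS preflight (Request Method OPTIONS with Access-Control-Request-Method), which the browser sends without the Authorization header itself, so it has to be answered before any OAuth parameter check runs. The function name `preflight_response` and the `ALLOWED_ORIGINS` allowlist are assumptions made for illustration.

```php
<?php
// Added example: answer a CORS preflight with an explicit origin allowlist
// instead of letting it fall through to the OAuth parameter check.
// ALLOWED_ORIGINS and preflight_response() are hypothetical names.
const ALLOWED_ORIGINS = ['http://localhost:8888']; // constructed; the Origin shown in the post above

function preflight_response(array $server, array $allowedOrigins): ?array
{
    // A preflight is an OPTIONS request that names the method it wants to use.
    if (($server['REQUEST_METHOD'] ?? '') !== 'OPTIONS'
        || !isset($server['HTTP_ACCESS_CONTROL_REQUEST_METHOD'])) {
        return null; // not a preflight: continue to the normal OAuth handling
    }

    $origin = $server['HTTP_ORIGIN'] ?? '';
    if (!in_array($origin, $allowedOrigins, true)) {
        // Unknown origin: send no CORS headers, so the browser blocks the call.
        return ['status' => 403, 'headers' => []];
    }

    return [
        'status'  => 204,
        'headers' => [
            // Echo the allowlisted origin rather than "*".
            'Access-Control-Allow-Origin'  => $origin,
            'Access-Control-Allow-Methods' => 'POST, OPTIONS',
            // Must cover what the browser asked for in Access-Control-Request-Headers.
            'Access-Control-Allow-Headers' => 'Authorization, Content-Type',
            'Vary'                         => 'Origin',
        ],
    ];
}

// Constructed sample mirroring the OPTIONS request posted above.
$sample = [
    'REQUEST_METHOD'                      => 'OPTIONS',
    'HTTP_ORIGIN'                         => 'http://localhost:8888',
    'HTTP_ACCESS_CONTROL_REQUEST_METHOD'  => 'POST',
    'HTTP_ACCESS_CONTROL_REQUEST_HEADERS' => 'authorization, content-type',
];

$response = preflight_response($sample, ALLOWED_ORIGINS);
echo $response['status'], "\n";
foreach ($response['headers'] as $name => $value) {
    echo $name, ': ', $value, "\n";
}
```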

Any update on this? I'm having the same problem. Using OSX Apache/PHP - not MAMP. I put the .htaccess line in and also running the CORS fix.

spdaly avatar Nov 21 '14 14:11 spdaly

@mensch I'm facing the same issue as @callerc1, but the .htaccess change you suggested didn't work for me. I figured out that in my server configuration I don't have a HTTP_AUTHORIZATION but a REDIRECT_HTTP_AUTHORIZATION. Is this the same thing? How could I use this instead?

Thanks!

panic175 avatar Dec 01 '14 10:12 panic175

@panic175 It's indeed the same header. The prefix is present on some configurations of PHP with FastCGI. I'm afraid I don't know how to reconfigure it to HTTP_AUTHORIZATION. The authorisation script should have a check for this particular case, but I wouldn't know where to start, to be honest. It might be better to file an issue at either this repository or WP API.

mensch avatar Dec 05 '14 11:12 mensch
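
Added example, not part of the thread and not the OAuth1 plugin's own code: one way to write the check discussed above, looking for the Authorization header under both `HTTP_AUTHORIZATION` and `REDIRECT_HTTP_AUTHORIZATION` before reporting that OAuth parameters are missing. The function names and the sample header value are assumptions made for illustration.

```php
<?php
// Added example: locate the Authorization header under the keys mentioned in
// this thread, then extract the oauth_* parameters from it.
// find_authorization_header() and parse_oauth_params() are hypothetical names.

function find_authorization_header(array $server): ?string
{
    // FastCGI setups may expose the header only under the REDIRECT_ prefix.
    foreach (['HTTP_AUTHORIZATION', 'REDIRECT_HTTP_AUTHORIZATION'] as $key) {
        if (!empty($server[$key])) {
            return trim($server[$key]);
        }
    }
    // Last resort: ask the SAPI for the raw request headers, where available.
    if (function_exists('getallheaders')) {
        foreach ((getallheaders() ?: []) as $name => $value) {
            if (strcasecmp($name, 'Authorization') === 0) {
                return trim($value);
            }
        }
    }
    return null;
}

function parse_oauth_params(?string $header): array
{
    // Only the "OAuth" scheme is relevant; anything else yields no parameters.
    if ($header === null || stripos($header, 'OAuth ') !== 0) {
        return [];
    }
    $params = [];
    preg_match_all('/([a-z_]+)="([^"]*)"/i', substr($header, 6), $matches, PREG_SET_ORDER);
    foreach ($matches as [, $name, $value]) {
        if (strpos($name, 'oauth_') === 0) { // skip realm and unrelated keys
            $params[$name] = rawurldecode($value);
        }
    }
    return $params;
}

// Constructed sample: a $_SERVER array where only the REDIRECT_ key is set.
$server = [
    'REDIRECT_HTTP_AUTHORIZATION' =>
        'OAuth oauth_consumer_key="example-key", oauth_nonce="abc123", oauth_signature="c2ln%3D"',
];

$params = parse_oauth_params(find_authorization_header($server));
echo empty($params)
    ? "No OAuth parameters supplied\n"
    : implode(', ', array_keys($params)) . "\n";
```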