WP-API
Requesting access returns 401 unless Wordpress Login cookie is also forwarded
I've been trying to use the OAuth plugin to access password-protected JSON on my WordPress instance. I'm pulling data into an external website (running on the Play Framework with Scala stack). I need to be able to callback to my original website after receiving verifier.
My workflow is this:
- Consumer successfully created using WP CLI
- Can hit http://mywordpress.com/oauth1/request and receive a request token
- Can hit http://mywordpress.com/oauth1/authorize?oauth_token=mytoken&oauth_callback=http://mysite/callback
- When I hit the above URL, I am redirected to http://mywordpress.com/wp-login.php?action=oauth1_authorize&oauth_token=mytoken&oauth_callback=http://mysite/callback
- From there, I authorize the token, and am redirected back to http://mysite/callback?oauth_token=mytoken&oauth_verifier=myverifier&wp_scope=%2A
- When I try to post my request to get the access token, I get a 401 from http://mywordpress.com.
- However, if I intercept the same request using a debugger, and instead send the same request with my WordPress login cookie appended in the headers, I successfully receive the new access oauth_token and oauth_token_secret.
So I need to manually attached the cookie from the http://mywordpress.com domain, with key started wordpress_logged_in_... to be able to get my access token.
Is this correct expected behaviour, or have I made some mistake? Is this some way around the login cookie forwarding requirement?
When I manually append the wordpress_logged_in_..., I'm sending as a post via with Advanced REST Client app for Google Chrome, with the OAuth parameters as the Authorization header. As mentioned, this successfully gets me back an access token.
Exactly the same problem here.Would love some updates on it :/ I have all steps done right, but I can't perform any authenticated request, ends up in 401.
