401 Unauthorized with Wordpress Basic Auth Plugin

Question

I have installed the plugin made by the Wordpress Team: https://github.com/WP-API/Basic-Auth

I am making this request with Wordpress 4.9.4:

GET http://somehostname.com/index.php?rest_route=%2Fwp%2Fv2%2Fposts&per_page=100&page=2&context=edit HTTP/1.1
Host: somehostname.com
Authorization: Basic [****base64encoded username+":"+pass *******]
Accept-Encoding: gzip, deflate
User-Agent: [some user agent name]

Response:

HTTP/1.1 401 Unauthorized
Date: Tue, 13 Feb 2018 14:26:12 GMT
Server: Apache
X-Powered-By: PHP/7.1.12
X-Robots-Tag: noindex
Link: <http://somehostname.com/wp-json/>; rel="https://api.w.org/"
X-Content-Type-Options: nosniff
Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages
Access-Control-Allow-Headers: Authorization, Content-Type
Vary: Accept-Encoding,User-Agent
Content-Length: 127
Content-Type: application/json; charset=UTF-8

{"code":"rest_forbidden_context","message":"Sorry, you are not allowed to edit posts in this post type.","data":{"status":401}}

Answer 1

Please add the following code on your htaccess file.

RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1]

and if you logged in as a wordpress admin right now than it will not allow you to create a post so first logout from wordpress admin and than try to make a request.

These two solutions had solved my problem.

Answer 2

I'm inferring from your question that this is not supposed to be happening. You're expecting some response code that is not of the 4xx variety.

From the title: "401 Unauthorized with Wordpress Basic Auth Plugin", I'm also making a leap, but it's possible that you're thinking that the plugin is not allowing you to access that route in any sense.

So, with that in mind, I'd like to point out that the error data is telling you something pretty precise: that user isn't allowed to edit posts of that type. That's not the same as that user 's credentials are invalid.

{
    "code": "rest_forbidden_context",
    "message": "Sorry, you are not allowed to edit posts in this post type.",
    "data": {
        "status": 401
    }
}

Try confirming that the user whose credentials you're supplying in the [****base64encoded username+":"+pass *******] format is an admin/author/editor (or other role) that has permission to edit posts of the type you're trying to access.

Edit: See this line of the WP-API, where that error is likely originating

Answer 3

我刚刚按照这条评论的建议解决了这个问题： Fix for basic OAuth不确定这个修复是否有任何副作用？

Answer 4

I fixed the auth issue by following this very brief advice

https://github.com/WordPress/application-passwords/wiki/Basic-Authorization-Header----Missing

I also had to move the wordpress block up to the top of the htaccess

Answer 5

I have fixed this issue by the following steps:

1. Verify, if the password protected plugin installed, then
2. Goto Password protected plugin's settings
3. Check 'Allow REST API Access'
4. Save Changes