rest_cannot_create – Not allowed to create post

  • jacquesmivi

    (@jacquesmivi)


    3 years, 11 months ago

    Hello,

    I succeed in generating a token “code”: “jwt_auth_valid_credential”.

    BUt when I try to create a post to my wordpress with JWT Api I got a “rest_cannot_create”, Sorry, you are not allowed to create posts as this user, 401.

    I have try to update my HTAcess in many ways. Without result. Here is the last one

    ———–

    # BEGIN WordPress
    SetEnvIf Authorization “(.*)” HTTP_AUTHORIZATION=$1
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ – [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    # JWT
    RewriteCond %{HTTP:Authorization} ^(.*)
    RewriteRule ^(.*) – [E=HTTP_AUTHORIZATION:%1]
    </IfModule>

    ———–

    I’m on WPEngine.

    Do you know how can I correct this ?

    Thanks

Viewing 4 replies - 1 through 4 (of 4 total)
  • Thread Starter jacquesmivi

    (@jacquesmivi)

    3 years, 11 months ago

    I found the answer.

    The HTAcess is good.

    I got two authentifications on my website. A basic authentification and JWT Token authentification. I got a conflict between both with the header on my POST request.

    More information about multiple authorisation issues
    https://community.postman.com/t/multiple-authorisation-issue/6479/7

    crispiestsquid

    (@crispiestsquid)

    3 years, 8 months ago

    Hey all,

    So I am running into this same issue with my setup. I am able to pass my site’s basic auth key and the generated jwt-auth token in a comma separated string to the Authorization header and it seems to allow my call through.

    The problem is that it then tells me the user doesn’t have permission to create or edit posts.

    My user that I am testing with is an admin, and should have no problem authoring a post.

    I was able to find something online that talked about using wp-rest nonces and cookies. So in postman I was able to test with the nonce and cookie that my browser captured when I signed into the dashboard, and if I pass that along with everything else I can make and edit posts.

    Nothing in the documentation here says I should have to do that though. Even if it is required I don’t know how to get that information back from the request jwt-auth token endpoint.

    Any help would be greatly appreciated!!!!

    Thanks,
    Kevin Little

    crispiestsquid

    (@crispiestsquid)

    3 years, 8 months ago

    Upon further research I do believe I am having the same issue as @jacquesmivi

    I am wondering how you actually solved this issue if at all?

    I am developing for a company where anything above standard member access is behind a basic auth.

    I am going to see if I can somehow get them to open up the access to the /wp-json/ paths so that I don’t have to pass basic auth on the API and I can just send the token from jwt-auth.

    If there are any other solutions please let me know.

    Thanks,
    Kevin Little

    Plugin Author Bagus

    (@contactjavas)

    3 years, 7 months ago

    Hi @crispiestsquid , have you solved the issue?

    Is it possible if you whitelist some conflicting endpoints and then use Basic auth there instead?

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘rest_cannot_create – Not allowed to create post’ is closed to new replies.