#40494 closed defect (bug) (invalid)
/wp-json/wp/v2/users/me api endpoint (it's part of the core now) returns 401 not logged in
Reported by: | | Owned by: |
---|---|---|---
Milestone: | | Priority: | normal
Severity: | normal | Version: | 4.7.3
Component: | REST API | Keywords: |
Focuses: | | Cc: |
Description
Clean installation.
One user, logged in under it.
/wp-json/wp/v2/users/me
returns:
{"code":"rest_not_logged_in","message":"You are not currently logged in.","data":{"status":401}}
It's not a redirect; it looks like get_current_user_id() returned zero as a result (details on this guess below).
While
/wp-json/wp/v2/users/1
returns normal message starting with:
{"id":1,"name":"alex.sudakov","url":"","description":""
In the 4.6 release, while the REST API was a plugin, I could debug it and found out that get_current_user_id() returned 0 (in the get_current_item function). I couldn't hunt this down. But I checked that this function's result is affected in other endpoints as well (checking permissions (get_item_permissions_check), for example).
Change History (5)
#2, 8 years ago
See https://developer.wordpress.org/rest-api/using-the-rest-api/authentication/ for the various authentication methods.
This ticket was mentioned in Slack in #forums by netweb.
8 years ago
#4, 8 years ago
- Resolution set to invalid
- Status changed from new to closed
@danielbachhuber @swissspidy thanks for the info.
Now I got it: there is a nonce system.
So, it's a feature, not a bug.
And I had "REST API – OAuth 1.0a Server" + "REST API" to submit posts to WP from another application. It stopped working. But now I see the nonce passed back from OAuth. And I checked that it works with the REST API and the /users/me endpoint.
Btw, you don't have /user/me described in your docs at:
https://developer.wordpress.org/rest-api/reference/users/#retrieve-a-user
and all the "Arguments", "Definition" and "Example Request" anchors are the same, and incorrect for the sections other than list users.
Hi @asudakov,
Can you share more details on how you're authenticating your request?
If you're using cookie-based authentication, are you including a nonce in your request? If you don't include a nonce, WordPress will treat the request as unauthenticated, which would exhibit the behavior you see.
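
The behaviour described in the reply above, as an added example that is not part of the original ticket or of WordPress's own code: a browser-side request to /wp/v2/users/me that sends the login cookie together with the nonce in the `X-WP-Nonce` header, plus a check that tells a missing nonce apart from a rejected one. The function names are hypothetical, `settings` is assumed to have the shape of `wpApiSettings` (`root`, `nonce`), and the `rest_cookie_invalid_nonce` error code comes from WordPress core rather than from this ticket.

```javascript
// Added example. restRequest, diagnose and getCurrentUser are hypothetical names.
// `settings` has the shape of wpApiSettings ({ root, nonce }), the object
// WordPress localizes for its bundled "wp-api" script.

// Build a same-origin request that sends the login cookie and the REST nonce.
function restRequest(settings, route) {
  const headers = { Accept: 'application/json' };
  if (settings.nonce) headers['X-WP-Nonce'] = settings.nonce;
  const root = settings.root.replace(/\/+$/, '');
  return {
    url: root + '/' + route.replace(/^\/+/, ''),
    init: { method: 'GET', credentials: 'same-origin', headers },
  };
}

// Map a REST response to the likely authentication problem.
function diagnose(request, status, body) {
  if (status >= 200 && status < 300) return 'ok';
  const sentNonce = 'X-WP-Nonce' in request.init.headers;
  if (status === 401 && body.code === 'rest_not_logged_in') {
    // Cookie without a nonce: the request is handled as user 0.
    return sentNonce ? 'not-logged-in' : 'missing-nonce';
  }
  if (status === 403 && body.code === 'rest_cookie_invalid_nonce') {
    return 'stale-or-wrong-nonce';
  }
  return 'other:' + (body.code || status);
}

// fetchImpl is injectable so the function can be exercised without a browser.
async function getCurrentUser(settings, fetchImpl = fetch) {
  const request = restRequest(settings, 'wp/v2/users/me');
  const response = await fetchImpl(request.url, request.init);
  const body = await response.json();
  const verdict = diagnose(request, response.status, body);
  if (verdict !== 'ok') throw new Error('users/me failed: ' + verdict);
  return body;
}
```

A `missing-nonce` verdict corresponds to the response quoted in the ticket description: the cookie was sent, but without the header the request was evaluated as unauthenticated.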