WordPress.org

Make WordPress Core

Opened 3 years ago

Closed 3 years ago

Last modified 3 years ago

#40494 closed defect (bug) (invalid)

/wp-json/wp/v2/users/me api endpoint (it's part of the core now) returns 401 not logged in

Reported by: asudakov
Owned by:
Milestone:
Priority: normal
Severity: normal
Version: 4.7.3
Component: REST API
Keywords:
Focuses:
Cc:

Description

Clean installation.
One user, logged in under it.
/wp-json/wp/v2/users/me
returns:
{"code":"rest_not_logged_in","message":"You are not currently logged in.","data":{"status":401}}

It's not a redirect; it looks like get_current_user_id() returned zero as a result (details on this guess below).

While
/wp-json/wp/v2/users/1
returns normal message starting with:
{"id":1,"name":"alex.sudakov","url":"","description":""

In the 4.6 release, while the REST API was a plugin, I could debug it and found out that get_current_user_id() returned 0 (in the get_current_item function). I couldn't hunt this down. But I checked that this function's result is affected in other endpoints as well (checking permissions (get_item_permissions_check), for example).

Change History (5)

#1 @danielbachhuber
3 years ago

Hi @asudakov,

Can you share more details on how you're authenticating your request?

If you're using cookie-based authentication, are you including a nonce in your request? If you don't include a nonce, WordPress will treat the request as unauthenticated, which would exhibit the behavior you see.
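The nonce requirement described in the reply above, as an added example (not code from the ticket or from WordPress core): a same-origin client that sends the `wp_rest` nonce in the `X-WP-Nonce` header and tells a missing nonce apart from a stale one. `SAMPLE_NONCE`, `fakeCookieCheck` and the other function names are constructed for illustration; the stub stands in for the server so the block runs offline.

```javascript
// Added example. The nonce is assumed to be printed into the page by the
// server with wp_create_nonce('wp_rest'); SAMPLE_NONCE is a constructed value.
const ME = '/wp-json/wp/v2/users/me';
const SAMPLE_NONCE = 'a1b2c3d4e5';

// Build fetch() options: the session cookie goes along (same-origin), and the
// nonce, when we have one, travels in the X-WP-Nonce header.
function restInit(nonce) {
  const init = { method: 'GET', credentials: 'same-origin', headers: {} };
  if (nonce) init.headers['X-WP-Nonce'] = nonce;
  return init;
}

// Constructed stand-in for the server-side cookie check, so this runs offline.
function fakeCookieCheck(init, validNonce) {
  const nonce = init.headers['X-WP-Nonce'];
  if (nonce === undefined) {
    // Cookie without a nonce is ignored: the request runs as user 0.
    return { status: 401, body: { code: 'rest_not_logged_in' } };
  }
  if (nonce !== validNonce) {
    return { status: 403, body: { code: 'rest_cookie_invalid_nonce' } };
  }
  return { status: 200, body: { id: 1, name: 'alex.sudakov' } };
}

// Turn a response into something actionable for the caller.
function diagnose(status, body) {
  if (status === 200) return 'ok';
  if (body.code === 'rest_not_logged_in') return 'missing-nonce-or-session';
  if (body.code === 'rest_cookie_invalid_nonce') return 'stale-nonce';
  return 'other';
}

// Real call path for a browser page served from the same origin as the site.
async function getCurrentUser(nonce, fetchImpl = fetch) {
  const res = await fetchImpl(ME, restInit(nonce));
  const body = await res.json();
  return { state: diagnose(res.status, body), body };
}
```

The 401 case is the one reported in this ticket: the login cookie is present, but without the nonce the request is handled as user 0.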

This ticket was mentioned in Slack in #forums by netweb.


3 years ago

#4 @asudakov
3 years ago

  • Resolution set to invalid
  • Status changed from new to closed

@danielbachhuber @swissspidy thanks for the info.

Now I got it:
there is a nonce system.
So, it's a feature, not a bug.

And I had "REST API – OAuth 1.0a Server" + "REST API" to submit posts to WP from another application. It stopped working. But now I see the nonce passed back from OAuth. And I checked that it works with the REST API and the /users/me endpoint.

Btw, you don't have /user/me described in your docs at:
https://developer.wordpress.org/rest-api/reference/users/#retrieve-a-user

and all
"Arguments"
"Definition"
"Example Request"
anchors are the same and incorrect for the non-list-users sections.

#5 @netweb
3 years ago

  • Milestone Awaiting Review deleted