Open
Description
I've been trying to use the OAuth plugin to access password-protected JSON on my WordPress instance. I'm pulling data into an external website (running on the Play Framework with Scala stack). I need to be able to callback to my original website after receiving verifier.
My workflow is this:
- Consumer successfully created using WP CLI
- Can hit http://mywordpress.com/oauth1/request and receive a request token
- Can hit http://mywordpress.com/oauth1/authorize?oauth_token=mytoken&oauth_callback=http://mysite/callback
- When I hit the above URL, I am redirected to http://mywordpress.com/wp-login.php?action=oauth1_authorize&oauth_token=mytoken&oauth_callback=http://mysite/callback
- From there, I authorize the token, and am redirected back to http://mysite/callback?oauth_token=mytoken&oauth_verifier=myverifier&wp_scope=%2A
- When I try to post my request to get the access token, I get a 401 from http://mywordpress.com.
- However, if I intercept the same request using a debugger, and instead send the same request with my WordPress login cookie appended in the headers, I successfully receive the new access oauth_token and oauth_token_secret.
So I need to manually attached the cookie from the http://mywordpress.com domain, with key started wordpress_logged_in_... to be able to get my access token.
Is this correct expected behaviour, or have I made some mistake? Is this some way around the login cookie forwarding requirement?