I have a Wordpress REST-API Backend with a UI5 JavaScript Frontend which loads some Post-Data to list them.
I want to protect this by a simple Login-Form in the Frontend.
To fetch and create the posts i use Node-WPAPI with basic authencation, like this:
this._oWp = new WPAPI({
endpoint: 'http://<domain>/wordpress/wp-json',
username: '<user>',
password: '<pass>'
});
But this approach dont fit my needs, because creating this WPAPI instance is even possible with a wrog password. Thus i would have to send a request to protected route first to know if my password was correct.
To directly know if my login was correct my idea was to firstly get a Token via "JWT Authentication for WP-API" and this actually works and i get the token.
But doing this my WPAPI Endpoints resulting with error "jwt_auth_bad_auth_header, "Authorization header malformed."
Is there a way to use WPAPI together with JWT Auth? Or how could a Login be authenticated by WPAPI Instance and get directly notified when the login credential were wrong?
I managed this with the WPAPI-Only-Approach, so proving that the user entered the right credentials by simply sending a request to .users().me() which needs a correct authentification. Otherwise you get an "Not authenticated" Error.
let oWp = new WPAPI({
endpoint: <your_endpoint>,
username: this._oAuth.getProperty("/Username"),
password: this._oAuth.getProperty("/Password"),
});
oWp.users().me()
.then( user => {
this._oWp.setData(oWp);
this._oRouter.navTo('home');
}).catch( error => {
console.log(error);
});