WordPress.org

Plugin Directory

Disable REST API and Require JWT / OAuth Authentication

این افزونه با آخرین 3 نسخه اصلی وردپرس تست نشده است. ممکن است دیگر نگهداری یا پشتیبانی نشود و ممکن است هنگام استفاده با نسخه های جدیدتر وردپرس مشکلات سازگاری داشته باشد.

Disable REST API and Require JWT / OAuth Authentication

توضیحات

When you activate this plugin, all REST API endpoints will be disabled for non-authorized requests.

Best used with any of these plugins:

Blocks ALL REST API endpoints except for:

  • /jwt-auth/v1/token/validate
  • /jwt-auth/v1/token
  • /oauth/authorize
  • /oauth/token
  • /oauth/me

Allows all REST API endpoints if they come with a valid Bearer Token Authentication (authentication via GET URL variables are still blocked)

When used alone in your site, your REST API will essentially be disabled.

Note that this plugin itself doesn’t provide JWT or OAuth authentication, it only whitelists them.

Features

  • No settings page
  • You can whitelist other REST API endpoint via a filter hook (see FAQs below)
  • Blocks all REST API endpoints.. but
  • Allows requests with Bearer Token Authentication.. and
  • Allows JWT Authentication for WP REST API & WP OAuth Server authentication endpoints

عکس‌های صفحه

  • Blocked REST API requests
  • Authenticated REST API requests are allowed

نصب

  1. Head over to Plugins > Add New in the admin
  2. Search for “Disable REST API and Require Authentication”
  3. Install & activate the plugin
  4. Now your REST API endpoints are disabled for non-authenticated requests.

سوالات متداول

Installation Instructions
  1. Head over to Plugins > Add New in the admin
  2. Search for “Disable REST API and Require Authentication”
  3. Install & activate the plugin
  4. Now your REST API endpoints are disabled for non-authenticated requests.
How is this different from Disable REST API?

This plugin is similar to Disable REST API, wherein it disables all REST API endpoints, but it still allows the authentication endpoints provided by:

And if a Bearer Token Authentication is provided, then the REST API becomes available.

How can I check if my REST API is disabled?

Open a new incognito browser tab or private browser tab and visit your wp-json URL:

http://mysite/wp-json/

You will see this message:

{"code":"rest_not_logged_in","message":"You are not currently logged in.","data":{"status":401}}

What is a Bearer Token Authenticated REST API request?

A Bearer Token Authenticated REST API request is a REST API call with this header:

Authorization: Bearer XXXXXXX

The XXXXXXX corresponds to the authentication token given by any of these 2 plugins:

How do I implement JWT / OAuth authentication?

That is outside the scope of this plugin, please refer to the docs of the respective plugins:

How do I whitelist other REST API endpoints? (via filter hook)

I’ve placed a filter called reqauth/allowed_endpoints where you can add your own REST API endpoints to the whitelist.

For example, I want to allow /my-endpoint for non-authorized REST API calls:

add_filter( 'reqauth/allowed_endpoints', 'allow_my_endpoints' );
function( $allowed_endpoints ) {
    $allowed_endpoints[] = '/my-endpoint';
    return $allowed_endpoints;
}

نقد و بررسی‌ها

نقد و بررسی‌ای برای این افزونه یافت نشد.

توسعه دهندگان و همکاران

“Disable REST API and Require JWT / OAuth Authentication” نرم افزار متن باز است. افراد زیر در این افزونه مشارکت کرده‌اند.

مشارکت کنندگان

ترجمه “Disable REST API and Require JWT / OAuth Authentication” به زبان شما.

علاقه‌ مند به توسعه هستید؟

کد را مرور کنید, را بررسی کنید مخزن SVN, یا مشترک شوید گزارش توسعه توسط RSS.

گزارش تغییرات

v1.0

  • Initial release