|
cancercarecup
|
March 5, 2017 at 8:31 pm
This isn’t as straight forward as I had hoped 🙂 I downloaded the app and tried to login using my WP credentials and received the following error… “only authenticated users can access the REST API”
I followed the documentation found here https://eventespresso.com/wiki/ee4-event-apps/ which i was really bummed it was a simple one click install so after reading through the documentation I installed the Applications Password plugin and followed the steps… then only to get the error
“Due to a potential server misconfiguration, it seems that HTTP Basic Authorization may not work for the REST API on this site: Authorization headers are not being sent to WordPress by the web server. You can learn more about this problem, and a possible solution, on our GitHub Wiki.”
UGGH….. I am using GoDaddy managed wordpress hosting… This is not as straight forward as advertised in your marketing one click and be up and able to scan tickets in 5 minutes lol
So I am working through editing the .htaccess file per the readme on github which I really don’t like you have to edit the htaccess file.
This the the only option I see to be able to use the addon i purchased as the WP API Basic Auth is going away for obvious security reasons.
Can you give me any advice on how to get this going in under 5 minutes as I expected to be able to do 🙂
Also once I have all the connection worked out with the Event Mgt (WP user) have a different password to use to login the app (the one time password Application Password plugin generates you have to capture at the time of creation). That doesn’t seem to user friendly as the user would have to remember two different passwords if so and the one is generates is one they won’t ever remember.
Thanks for you help in advance.
|
|
Josh
|
March 6, 2017 at 12:58 pm
Hi there,
I’m afraid that you’ve run into one of the issues that come with hosting with Godaddy Managed hosting, and that is one of the reasons why we don’t recommend hosting websites there. Have you made the edit to the .htaccess file? That should take less than a minute to edit, it’s one line of code. If you need help with editing that file, you can complete the form on this page and we’ll make the edit for you:
https://eventespresso.com/send-login-details/
Here’s a clarification about the application passwords and you comment on its user-friendliness: The Application Passwords plugin gives you the option to add additional passwords that you can revoke later, so you can avoid giving out your password. You can still use your password (the one you remember) when you log into the app.
|
|
cancercarecup
|
March 6, 2017 at 2:16 pm
It did but got this message… so what will I need to do then once this basic auth goes away (which I agree I am not crazy about using basic auth)
We noticed you’re using the WP API, which is used by the Event Espresso 4 mobile apps. Because of security and compatibility concerns, we will soon be removing our default authentication mechanism, WP API Basic Auth, from Event Espresso. It is recommended you instead install the WP Application Passwords plugin and use it with the EE4 Mobile apps. See our mobile app documentation for more information.
If you have installed the WP API Basic Auth plugin separately, or are not using the Event Espresso 4 mobile apps, you can disregard this message.
The Event Espresso Team
|
|
cancercarecup
|
March 6, 2017 at 3:40 pm
I changed nothing now all of a sudden the mobile app stopped working and I am getting the same error message again.
“only authenticated users can access the REST API”
|
|
cancercarecup
|
March 6, 2017 at 3:42 pm
the lines i placed in the htaccess file have been removed by godaddy 🙁 this could be a HUGE issue. I know what you recommended but the client is not moving from godaddy where they have everything else and happy with their current hosting. However I need a solution 🙂
|
|
cancercarecup
|
March 6, 2017 at 3:54 pm
I have installed the Application Password pluing
Went to the User
Generated a new Appliction Password (note I did this twice and the revoke button does not revoke the password)
Opened the app… tried logging in with the generated password and still get the error “only authenticated users can access the REST API”
|
|
Josh
|
March 6, 2017 at 4:07 pm
One solution would be to ask Godaddy how they can prevent themselves from editing the .htaccess file. If they cannot do that, maybe they can configure the server to allow passing the Authentication headers without relying on the .htaccess edit.
|
|
cancercarecup
|
March 6, 2017 at 4:10 pm
Ok but once basic auth goes away what is the solution ? I would really like to get it working correctly without using basic auth but rather the Application Password plugin as even your team has states Basic Auth is going away and will no longer work.
I reached out to godaddy by the way and relooking at the .htaccess file they did not remove the line I placed in there.
|
|
Josh
|
March 6, 2017 at 4:12 pm
You install and activate the Application Passwords plugin. Once that’s activated, Event Espresso will not use the bundled Basic Auth.
|
|
cancercarecup
|
March 6, 2017 at 4:16 pm
Well when I tried to use the password Application Password plugin gave it I could not login to the app at all. So I tried creating a new password and that didn’t work either. I went back to try to revoke them both and just click the button and nothing happens 🙁
I tried this with and without the htaccess edit or the basic auth.
Just reuploaded the .htaccess file with Application Password plugin active and i was able to login with Basic Auth so I don’t think your statement is fully true or I wouldn’t have been able to login hehe 🙂
I do greatly apprecaite the quick response just trying to get through all these bugs it isn’t as straightforward as I was hoping but is a solid little product if I can get all the tweaks needed straighted out.
|
|
Josh
|
March 6, 2017 at 6:51 pm
Just reuploaded the .htaccess file with Application Password plugin active and i was able to login with Basic Auth so I don’t think your statement is fully true or I wouldn’t have been able to login hehe ????
The Application Passwords also uses Basic Authentication, so how is my statement not fully true?
You might be confusing the Application Passwords feature, you actually don’t need to use the extra passwords with the app log ins. The WordPress username/password combo will also work.
|
|
cancercarecup
|
March 6, 2017 at 7:17 pm
Now I am really confused sorry 🙂
Is all I needed to do was install the plugin….. Go to User…. Generate Password…
Then in the app login like normal using WP credentials and all will work?
So using the Application Password I don’t need to modify the htaccess file or I do ?
It is still working now for me… I have edited the htaccess file… generated a App Password for the WP user…. and can log into the app using WP user creds… However I have a message inside wordpress stating Basic auth is going away to please update your method to use App Password plugin…
but I have it installed and generated a password for the user how can I confirm what auth the app is actually using to login?
|
|
Josh
|
March 7, 2017 at 7:40 am
Is all I needed to do was install the plugin….. Go to User…. Generate Password…
You don’t need to generate passwords, that’s optional.
So using the Application Password I don’t need to modify the htaccess file or I do ?
You still need to modify the htaccess file because your site is hosted on a misconfigured Godaddy server. You can gain some understanding about why you’re editing the .htaccess file by reading this issue posted on Github:
https://github.com/georgestephanis/application-passwords/issues/46
However I have a message inside wordpress stating Basic auth is going away to please update your method to use App Password plugin…
You can dismiss that message and it will go away.
but I have it installed and generated a password for the user how can I confirm what auth the app is actually using to login?
Again, you don’t need to generate a password for the user. That’s an optional feature and can be used for cases where you want to give out additional passwords that can be used only for the apps, where:
1) You don’t need to create additional user accounts
2) You can easily revoke those passwords later.
If you’d like, you can deactivate the basic auth that’s bundled in EE4 core by adding the following to a custom plugin:
https://gist.github.com/joshfeck/8b586e670cf120fc40a803daa6d8b205
|
|
cancercarecup
|
March 13, 2017 at 12:28 am
Thanks Josh I let this ride for a week. I am still able to use the mobile app I am going to setup some real users this week and have them test out things so will keep you posted but believe all is well I am not sure what was going on but think things are working properly 🙂 Sorry to be a pain
|
