WPSolr Conflict with Advance Access Manager

  • mneimne
    Participant
    # 3 weeks, 4 days ago

    This is a weird behavior I noticed when WPSolr was installed on a woocommerce website.
    If Advanced Access Manager plugin is used, all REST API calls return 401 when using a JWT header, below are the steps to reproduce:
    1. Install Advanced Access Manager (make sure that JWT is enabled)
    2. Install WPSolrPro
    3. Authenticate a user using wp-json/custom-api/v2/authenticate and issueJWT parameter
    4. Call any REST api
    5. 401 is always returned with WPSolrPro is activated

    I have a test instance to try this on privately.

    mneimne
    Participant
    # 3 weeks, 4 days ago

    update: when a JWT token is generated from AAM plugin, debug.log shows this line:
    wp-content/plugins/wpsolr-pro/wpsolr/core/vendor/firebase/php-jwt/src/JWT.php on line 428

    mneimne
    Participant
    # 3 weeks, 4 days ago

    It turns out AAM requires php-jwt v5, whereas WPSolr is using v6. I renamed the folder of php-jwt inside wpsolr to resolve the issue temporarilyz the question is, where is this library used in WPSolr.
    Thanks

    wpsolr
    Keymaster
    # 3 weeks, 4 days ago

    Thanks for the feedback.
    php-jwt v5 is coming from Google AI libraries requiring authentication. WPSOLR uses them for extracting and indexing data (Google Vision, Google Natural Language, …).

    Each WPSOLR release uses the latest version of those libraries.

    mneimne
    Participant
    # 3 weeks, 4 days ago

    So, if I am using only elasticsearch to index my data, without using the AI, I am safe to proceed with fix I did (removing the jwt manually)?

    wpsolr
    Keymaster
    # 3 weeks, 4 days ago

    I think so. But you’ll have to do it again on next WPSOLR release, unless Google php libraries use a more recent version of php-jwt.

Viewing 6 posts - 1 through 6 (of 6 total)

You must be logged in to reply to this topic.