[mneimne]

2 years, 10 months ago #29622

This is a weird behavior I noticed when WPSolr was installed on a woocommerce website.
If Advanced Access Manager plugin is used, all REST API calls return 401 when using a JWT header, below are the steps to reproduce:
1. Install Advanced Access Manager (make sure that JWT is enabled)
2. Install WPSolrPro
3. Authenticate a user using wp-json/custom-api/v2/authenticate and issueJWT parameter
4. Call any REST api
5. 401 is always returned with WPSolrPro is activated

I have a test instance to try this on privately.

[mneimne]

2 years, 10 months ago #29623

update: when a JWT token is generated from AAM plugin, debug.log shows this line:
wp-content/plugins/wpsolr-pro/wpsolr/core/vendor/firebase/php-jwt/src/JWT.php on line 428

[mneimne]

2 years, 10 months ago #29624

It turns out AAM requires php-jwt v5, whereas WPSolr is using v6. I renamed the folder of php-jwt inside wpsolr to resolve the issue temporarilyz the question is, where is this library used in WPSolr.
Thanks

[wpsolr]

2 years, 10 months ago #29625

Thanks for the feedback.
php-jwt v5 is coming from Google AI libraries requiring authentication. WPSOLR uses them for extracting and indexing data (Google Vision, Google Natural Language, …).

Each WPSOLR release uses the latest version of those libraries.

[mneimne]

2 years, 10 months ago #29626

So, if I am using only elasticsearch to index my data, without using the AI, I am safe to proceed with fix I did (removing the jwt manually)?

[wpsolr]

2 years, 10 months ago #29627

I think so. But you’ll have to do it again on next WPSOLR release, unless Google php libraries use a more recent version of php-jwt.