App requests to /wp-json/users/me are failing.

[kosso]

Please refer to this comment on WP-API : WP-API/WP-API#493 (comment)

I have successfully built and tested a PHP OAuth client to go through the authentication flow and then GET /wp-json/users/me to verify the user. This all works fine. (Note this only works when PHP cUrl CURLOPT_FOLLOWLOCATION is false - the default.)

But when I try a native mobile app (in this case iOS built using Appcelerator Titanium), I can go through the authentication flow fine, then collect an access_ token/secret pair, but the final /wp-json/users/me GET request signature never matches.

Lots of debugging and logging has shown that the client is being sent on a 2nd GET request to /wp-json/users/<ID> with the same parameters detected in get_parameters() from the original request. Therefore, the signatures don't match, as the REQUEST_URI is now different for the base string creation.

Removing $response->set_status( 302 ); from class-wp-json-users.php in WP-API seems to fix this.

[gregoirepuget]

Hi,

same for me with my own Aouth.

here is the return body
{"code":"json_user_cannot_list","message":"Sorry, you are not allowed to view this user."}

But i can create posts with the same Aouth system

http://www.wordpress-fr.net/support/sujet-108158-rest-api

[kosso]

Closing this.
I altered my client app to deal with the 302 redirection status.

[rmccue]

If you need to work around this, you can also try adding ?_envelope to get it back in a wrapper object. See also the FAQ on this.

[kosso]

Ahah! That works too. thx!

/wp-json/wp/v2/users/me?_envelope=1&context=embed did the trick.