HISE Logo Forum
    • Categories
    • Register
    • Login

    WP License Manager / JWT Authorization - HELP?

    Scheduled Pinned Locked Moved Scripting
    14 Posts 5 Posters 1.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • CyberGenC
      CyberGen
      last edited by CyberGen

      Hi,

      I'm going down the License Manager Rabt hole. 😲 A little help?

      I've set up WP License Manager and JWT authorization. I'm trying to write a simple script that would check the user credentials and respond with a token. But all I get from the server is "500" and the authentication fails. It's string, not an object like I expect. I tried a number of things to no avail.

      I was hoping someone that has gone down this path can shed some light. It would much appreciate the help. Below is the code I'm using in hise. I included the snippet as well, though to use it you'd have to put in your own server and user info.

      Find the corrected code below.

      d.healeyD CyberGenC 2 Replies Last reply Reply Quote 0
      • d.healeyD
        d.healey @CyberGen
        last edited by

        @CyberGen Before trying to get it to work in HISE, test with Hoppscotch or RestFox

        https://hoppscotch.io/
        https://restfox.dev/

        Libre Wave - Freedom respecting instruments and effects
        My Patreon - HISE tutorials
        YouTube Channel - Public HISE tutorials

        CyberGenC 1 Reply Last reply Reply Quote 1
        • CyberGenC
          CyberGen @d.healey
          last edited by

          @d-healey this was a good suggestion. Hoppscotch revealed some config errors. However, I'm still getting the same response in HISE ("500") and hoppscotch gives me this:

          {
            "code": "jwt_auth_invalid_token",
            "message": "Wrong number of segments",
            "data": {
              "status": 403
            }
          }
          

          I've followed the installations instructions and done the following:

          • WP REST API V2 Plugin: Installed and activated.
          • PHP Version: Ensured your server is running PHP 7.4.0 or higher.
          • HTTP Authorization Header: Modified the .htaccess file to enable the HTTP Authorization header.
          • Secret Key Configuration: Added the JWT_AUTH_SECRET_KEY to your wp-config.php file.
          • CORS Support: Enabled CORS by adding the JWT_AUTH_CORS_ENABLE line in wp-config.php.
          • Plugin Activation: Ensured the wp-api-jwt-auth plugin is activated.

          Still stuck.

          Any suggestions?

          Dan KorneffD orangeO 2 Replies Last reply Reply Quote 0
          • Dan KorneffD
            Dan Korneff @CyberGen
            last edited by

            @CyberGen JWT contains 3 parts, separated by dots(Header, Payload, Signature).
            My guess is that when you receive the token you're dropping the dots.

            Dan Korneff - Producer / Mixer / Audio Nerd

            CyberGenC 1 Reply Last reply Reply Quote 2
            • orangeO
              orange @CyberGen
              last edited by

              @CyberGen

              Are you using Wordfence or similar firewall plugin on the Wordpress? If yes, make sure that API calls are allowed.

              In the Wordfence, the below setting must be unchecked.

              Prevent discovery of usernames through '/?author=N' scans, the oEmbed API, the WordPress REST API, and WordPress XML Sitemaps 
              

              develop Branch / XCode 13.1
              macOS Monterey / M1 Max

              CyberGenC 1 Reply Last reply Reply Quote 1
              • CyberGenC
                CyberGen @Dan Korneff
                last edited by

                @Dan-Korneff Yes, chatGPT had mentioned something similar. How/Where can I find out if I'm "dropping the dots"?

                1 Reply Last reply Reply Quote 0
                • CyberGenC
                  CyberGen @orange
                  last edited by

                  @orange Thanks for this suggestion. I don't have wordfence installed. But I asked their tech support if I had any other plugins installed that could block API calls. They suggested uninstalling W3 Cache. Which I did, but did not solve the problem.

                  CyberGenC 1 Reply Last reply Reply Quote 0
                  • CyberGenC
                    CyberGen @CyberGen
                    last edited by

                    @CyberGen Tech support revealed that log errors showed problems with the guttenberg theme. Which I proceeded to uninstall and replace with their default theme..... Still, the problem was not solved. They opened up a ticket and said they would try to work the problem from their end. I must say Nexcess' tech support is fast and good. Hopefully they find the problem if it is on their end. I wish I knew enough to be sure is not something I'm doing wrong in HISE.

                    CyberGenC 1 Reply Last reply Reply Quote 0
                    • CyberGenC
                      CyberGen @CyberGen
                      last edited by

                      @CyberGen @d-healey @orange @Dan-Korneff

                      Hi again fellas,

                      I've got things to work almost all the way. I will share the final code for future reference when the final issue is resolved. So far, the token is downloading properly and validation is working. License activation works but, the signature is still giving me trouble.

                      If I don't set a private key in the license manager API page, HISE's console gives me: "signature": "private key not set". But if set a key made with HISE's RSA key generator, it gives me: "signature": "error:0607A082:digital envelope routines:EVP_CIPHER_CTX_set_key_length:invalid key length"

                      I tried different private key configs and algo configs, same result. Can someone share the proper settings for the License Manager API private key? Or the right length? or an app the generates the right format of key?Screenshot 2024-08-19 at 3.21.47 PM.png

                      d.healeyD CyberGenC 2 Replies Last reply Reply Quote 0
                      • CyberGenC CyberGen marked this topic as a question on
                      • d.healeyD
                        d.healey @CyberGen
                        last edited by

                        @CyberGen I'm not using the REST API so I can't help you here.

                        Libre Wave - Freedom respecting instruments and effects
                        My Patreon - HISE tutorials
                        YouTube Channel - Public HISE tutorials

                        1 Reply Last reply Reply Quote 0
                        • CyberGenC
                          CyberGen @CyberGen
                          last edited by CyberGen

                          @CyberGen

                          This worked for me.

                          1. Generate an RSA Key Pair
                            Open a terminal or command prompt.

                          Run the following command to generate a private key:

                          openssl genrsa -out private.pem 2048
                          

                          Extract the public key from the private key:

                          openssl rsa -in private.pem -outform PEM -pubout -out public.pem
                          
                          1. View the Keys
                            If you want to see what your generated keys look like, you can display them using the cat command:
                          cat private.pem
                          cat public.pem
                          
                          1. When setting the private key in WP License Manager API include:
                            -----BEGIN RSA PRIVATE KEY-----
                            and
                            -----END RSA PRIVATE KEY-----

                          That should take care of it.

                          1 Reply Last reply Reply Quote 0
                          • CyberGenC CyberGen has marked this topic as solved on
                          • CyberGenC
                            CyberGen @CyberGen
                            last edited by CyberGen

                            @CyberGen

                            I leave this here cuz, nobody ELSE should spend a week of their lives figuring this out. :anxious_face_with_sweat:

                            The code below works for me doing the following.

                            User Authentication:
                            Set up credentials for JWT token generation and sent a POST request to the /wp-json/jwt-auth/v1/token endpoint to authenticate and receive a JWT.

                            Token Handling:
                            The received JWT is used for subsequent requests to ensure each request is authenticated.

                            Token Validation:
                            The token is validated by sending it back to the server, ensuring it's valid and active before proceeding with any sensitive operations.

                            License Activation:
                            Post-token validation, we proceed to activate the license using the license key and other necessary details, which are then verified by the server.

                            
                            // Server Address
                            Server.setBaseURL("https://yourserver.com");
                            
                            // Credentials for authentication
                            const var credentials = 
                            {
                              "username": "you@yourserver.com",
                              "password": "yourpassword"
                            }
                            
                            // Relevant references
                            const var authUrl = "/wp-json/jwt-auth/v1/token";
                            const var validateUrl = "/wp-json/jwt-auth/v1/token/validate";
                            const var activateUrl = "/wp-json/wclm/v3/activate";
                            
                            reg jwtToken = "";
                            
                            // Some debug stuff
                            Console.clear();
                            if (Server.isOnline()) Console.print("Server is Online!" + "\n");
                            Console.print("Authorization URL: " + authUrl);
                            Console.print("Validate URL: " + validateUrl);
                            Console.print("Activate URL: " + activateUrl + "\n");
                            
                            // Authenticate and retrieve token
                            inline function authenticateUser() 
                            {
                                Console.print("Starting authentication process...");
                                    
                                Server.callWithPOST(authUrl, credentials, printResponse);
                            };
                            
                            inline function printResponse(status, response) 
                            {
                                Console.print("Received response: " + JSON.stringify(response));
                                
                                if (response.token != "") 
                                {
                                    jwtToken = response.token;
                                    
                                    validateToken();
                                } 
                                else 
                                {
                                    Console.print("Authentication failed: " + response.message);
                                }
                            };
                            
                            // Validate the JWT token
                            inline function validateToken() 
                            {
                            	Console.print("atempting to validate");
                            
                                if (jwtToken != "") 
                                {
                                    Server.setHttpHeader("Authorization: Bearer " + jwtToken);
                            
                                    Server.callWithPOST(validateUrl, {}, function(status, response) 
                                    {
                                        Console.print("Validation response: " + JSON.stringify(response));
                            
                                        if (response.code == "jwt_auth_valid_token") 
                                        {
                                            Console.print("Token is valid!");
                                            
                                            activateLicense();
                                        } 
                                        else 
                                        {
                                            Console.print("Token validation failed: " + response.message);
                                        }
                                    });
                                } 
                                else 
                                {
                                    Console.print("No JWT token found.");
                                }
                            }
                            
                            // License activation details
                            const var licenseData = 
                            {
                                "license_key": "your-prod-key-lic"
                            };
                            
                            // Activate the license
                            inline function activateLicense() 
                            {
                                Console.print("Starting license activation..." + licenseData.license_key);
                            
                                // Set the Authorization header with the JWT token
                                Server.setHttpHeader("Authorization: Bearer " + jwtToken);
                            
                                // Send the POST request to activate the license
                                Server.callWithPOST(activateUrl, licenseData, handleActivationResponse);
                            
                            };
                            
                            // Function to handle the response from license activation
                            inline function handleActivationResponse(status, response)
                            {
                            	Console.print(response.signature);
                            	
                                if (response["response"]["result"] == "success") 
                                {
                                    Console.print(response["response"]["message"] + "!");
                                } 
                                else 
                                {
                                    Console.print(response["response"]["message"] + "!");
                                }
                            };
                            
                            // Example: Trigger authentication when a button is clicked
                            inline function onButton1Control(component, value) 
                            {
                                if (value) authenticateUser();
                            }
                            Content.getComponent("Button1").setControlCallback(onButton1Control);
                            
                            
                            alhugA CyberGenC 2 Replies Last reply Reply Quote 2
                            • CyberGenC CyberGen marked this topic as a regular topic on
                            • alhugA
                              alhug @CyberGen
                              last edited by

                              @CyberGen nice, thanks. Our shop doesn't use wordpress so I'm building an authentication system using my own bubble app. This helped a lot setting up the plugin side of things.

                              "HISE is for software developers. If you're not one you must become one." - David Healy

                              1 Reply Last reply Reply Quote 1
                              • CyberGenC
                                CyberGen @CyberGen
                                last edited by

                                @CyberGen A list of License Manager API endpoints. Might be useful for those using the License Manager API.

                                Base Endpoint:
                                /wclm/v3
                                Methods: GET
                                Description: Base route for the wclm/v3 namespace.
                                Verify License:
                                /wclm/v3/verify
                                Methods: GET, POST, PUT, PATCH, DELETE
                                Description: Endpoint for verifying a license.
                                Activate License:
                                /wclm/v3/activate
                                Methods: GET, POST, PUT, PATCH, DELETE
                                Description: Endpoint for activating a license.
                                Deactivate License:
                                /wclm/v3/deactivate
                                Methods: GET, POST, PUT, PATCH, DELETE
                                Description: Endpoint for deactivating a license.
                                Get License Details:
                                /wclm/v3/get-license-details
                                Methods: GET, POST, PUT, PATCH, DELETE
                                Description: Endpoint for retrieving the details of a license.
                                Get Product API Meta:
                                /wclm/v3/get-product-api-meta
                                Methods: GET, POST, PUT, PATCH, DELETE
                                Description: Endpoint for retrieving product API metadata.
                                Get License Status:
                                /wclm/v3/get-license-status
                                Methods: GET, POST, PUT, PATCH, DELETE
                                Description: Endpoint for retrieving the status of a license.
                                Get Current User Licenses:
                                /wclm/v3/get-current-user-licenses
                                Methods: GET, POST, PUT, PATCH, DELETE
                                Description: Endpoint for retrieving licenses associated with the current user.
                                Register License Key:
                                /wclm/v3/register-license-key
                                Methods: GET, POST, PUT, PATCH, DELETE
                                Description: Endpoint for registering a new license key.
                                Set License Status:
                                /wclm/v3/set-license-status
                                Methods: GET, POST, PUT, PATCH, DELETE
                                Description: Endpoint for setting the status of a license.
                                Create License Key:
                                /wclm/v3/create-license-key
                                Methods: GET, POST, PUT, PATCH, DELETE
                                Description: Endpoint for creating a new license key.
                                Update License Key:
                                /wclm/v3/update-license-key
                                Methods: GET, POST, PUT, PATCH, DELETE
                                Description: Endpoint for updating an existing license key.
                                Delete License Key:
                                /wclm/v3/delete-license-key
                                Methods: GET, POST, PUT, PATCH, DELETE
                                Description: Endpoint for deleting a license key.
                                Add License Key Meta:
                                /wclm/v3/add-license-key-meta
                                Methods: GET, POST, PUT, PATCH, DELETE
                                Description: Endpoint for adding metadata to a license key.
                                Update License Key Meta:
                                /wclm/v3/update-license-key-meta
                                Methods: GET, POST, PUT, PATCH, DELETE
                                Description: Endpoint for updating metadata associated with a license key.
                                Delete License Key Meta:
                                /wclm/v3/delete-license-key-meta
                                Methods: GET, POST, PUT, PATCH, DELETE
                                Description: Endpoint for deleting metadata associated with a license key.

                                1 Reply Last reply Reply Quote 0
                                • First post
                                  Last post

                                28

                                Online

                                1.7k

                                Users

                                11.9k

                                Topics

                                103.5k

                                Posts