I'm making some API endpoints that require me to confirm who the user is, and what they can do, before I let them use the endpoint.

However, I can't seem to get the current user.

My endpoint:

function register_api_hooks() {
  register_rest_route(
    'bacon', '/user/',
    array(
      'methods'  => 'POST',
      'callback' => 'makinbacon',
    )
  );
}

function makinbacon(WP_REST_Request $request){

    return json_encode(wp_get_current_user());
}

add_action( 'rest_api_init', 'register_api_hooks' );

My fetch in the client:

fetch('/wp-json/bacon/user', {
    method: 'POST',
    headers: {
        'Content-Type': 'application/json',
    },
    credentials: 'same-origin',
})
.then((response) => {
    return response.json();
})
.then(function(json) {
    console.log(json);
});

The fetch code is included in a normal wordpress page on the same domain and installation of wordpress as the API endpoint. Also, I am logged in as an admin user.

The result:

{"data":{},"ID":0,"caps":[],"cap_key":null,"roles":[],"allcaps":[],"filter":null}

So it seems that the endpoint in itself is working. I'm not getting any errors, and it does return what seems to be a user. Just that the user is empty.

What else I have tried:

As some answers in similar questions suggested, I have tried including the global $current_user. This gave the same result.

function makinbacon(WP_REST_Request $request){

    global $current_user;

    return json_encode(wp_get_current_user());
}

I have also tried setting credentials to include in the fetch call, as well as trying to change both the fetch call and the endpoint to a GET request.

Everything gives the same empty user.

I also tried to do other things in the endpoint, like creating a post, updating a post, etc. That worked fine.

So far the only thing I haven't been able to do in the endpoint is to fetch information about the current user.

Any ideas?

I'm making some API endpoints that require me to confirm who the user is, and what they can do, before I let them use the endpoint.

However, I can't seem to get the current user.

My endpoint:

function register_api_hooks() {
  register_rest_route(
    'bacon', '/user/',
    array(
      'methods'  => 'POST',
      'callback' => 'makinbacon',
    )
  );
}

function makinbacon(WP_REST_Request $request){

    return json_encode(wp_get_current_user());
}

add_action( 'rest_api_init', 'register_api_hooks' );

My fetch in the client:

fetch('/wp-json/bacon/user', {
    method: 'POST',
    headers: {
        'Content-Type': 'application/json',
    },
    credentials: 'same-origin',
})
.then((response) => {
    return response.json();
})
.then(function(json) {
    console.log(json);
});

The fetch code is included in a normal wordpress page on the same domain and installation of wordpress as the API endpoint. Also, I am logged in as an admin user.

The result:

{"data":{},"ID":0,"caps":[],"cap_key":null,"roles":[],"allcaps":[],"filter":null}

So it seems that the endpoint in itself is working. I'm not getting any errors, and it does return what seems to be a user. Just that the user is empty.

What else I have tried:

As some answers in similar questions suggested, I have tried including the global $current_user. This gave the same result.

function makinbacon(WP_REST_Request $request){

    global $current_user;

    return json_encode(wp_get_current_user());
}

I have also tried setting credentials to include in the fetch call, as well as trying to change both the fetch call and the endpoint to a GET request.

Everything gives the same empty user.

I also tried to do other things in the endpoint, like creating a post, updating a post, etc. That worked fine.

So far the only thing I haven't been able to do in the endpoint is to fetch information about the current user.

Any ideas?

• javascript
• users
• rest-api

Share Improve this question asked Aug 6, 2019 at 8:36 AzerAzer 12111 silver badge66 bronze badges 2

• 2 See the documentation, which describes what you need to do to recognise the current user: developer.wordpress/rest-api/using-the-rest-api/… – Jacob Peattie Commented Aug 6, 2019 at 8:55
• Thank you! I had actually looked through the documentation on authentication before I started making the endpoint, but I must have overlooked/forgotten this part If no nonce is provided the API will set the current user to 0, turning the request into an unauthenticated request, even if you’re logged into WordPress. – Azer Commented Aug 6, 2019 at 9:06

Add a comment  | 

1 Answer 1

Sorted by: Reset to default 0

Thanks to Jacob Peattie, I was able to solve this issue.

You have to include a nonce from the WordPress Javascript API in your REST API requests if you wish to use information about the current user.

From the WordPress documentation:

If no nonce is provided the API will set the current user to 0, turning the request into an unauthenticated request, even if you’re logged into WordPress.

In other words, the endpoint will get excecuted even without a nonce, but any attempt to fetch information about the current user will fail/result in an empty user object.