User's password update via WordPress REST API

Question

I'm developing an iOS app that connects a WordPress REST API with JWT. The API and the JWT plugin (JWT Authentication for WP-API) are working ok.

The app login is based in WordPress user and password and you can change your user password from it. After updating the user's password (/wp-json/wp/v2/users/id?password=newpass) the API stops working. I can't keep on doing any update call (updates, deletes, change the password again...) and the response is always:

{
  "code": "rest_cannot_edit",
  "message": "Sorry, you are not allowed to edit users.",
  "data": {
    "status": 401
  }
}

This happens not only in the app but using Postman too. In summary, I can only change once a user password via WP REST API and using JWT plugin.

If I change the password in the app and then I change it via Postman, the password can be updated from the app, but again, only once. (Even with the same token)

Generate a new token doesn't work, restarting the app allows (with a new token) change the pass again.

Answer 1

I've experienced the same problem as you. After changing the user's password, your HTTP client keeps the old auth cookie with it. That means wordpress_logged_in cookie still references user's old password, getting an 401 error. After changing user's password via API, just clear your client's cookies. Test it first on Postman following these steps:

1. Make an API request changing user's password normally.
2. Make another API request changing user's password or its details. Note that 401 error will appear.
3. In your Request screen, click on Manage Cookies.
4. In the cookies list, select your wordpress site, and delete the wordpress_logged_in cookie.
5. Repeat the API request on item 2.