You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'm trying to implement a custom api-authentication plugin to secure Joomla 5 API requests via JWT token, but I’ve hit a roadblock:
The method onApiAuthenticate() is never triggered, even though:
The plugin is installed and enabled ✅
The group is correct: api-authentication ✅
The plugin's filename matches the XML jwtauth.php ✅
die() or log at the top of the plugin file work (outside the class), so the file is loaded ✅
getallheaders() confirms the JWT token is sent correctly ✅
But inside the plugin class, onApiAuthenticate() is never fired — not even a file_put_contents() log appears from inside it.
Joomla Version: 5.0.x
Plugin type: api-authentication
Class name: PlgApiAuthenticationJwtauth
File: /plugins/api-authentication/jwtauth/jwtauth.php
class PlgApiAuthenticationJwtauth extends CMSPlugin
{
public function onApiAuthenticate($credentials, $options, &$response)
{
file_put_contents(JPATH_ROOT . '/jwt_debug.log', "--- CALLED ---\n", FILE_APPEND);
// ... never runs
}
}
If I enable Basic Authentication plugin, everything works (so plugin loading works).
My custom plugin logs when code is outside the class.
URI is /api/index.php/v1/content/articles with a valid Authorization: Bearer header.
I tried and the /api/index.php/v1/users with a valid Authorization: Bearer header.
At Postman i get
Are there new interface requirements in Joomla 5 that prevent the plugin from registering?
Is there a hidden plugin priority issue that could prevent execution?
Has anyone managed to get a custom api-authentication plugin working in Joomla 5 without implementing ApiAuthenticationInterface?
Any example repo of a working JWT-based custom plugin?
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
Uh oh!
There was an error while loading. Please reload this page.
-
I'm trying to implement a custom api-authentication plugin to secure Joomla 5 API requests via JWT token, but I’ve hit a roadblock:
The method onApiAuthenticate() is never triggered, even though:
The plugin is installed and enabled ✅
The group is correct: api-authentication ✅
The plugin's filename matches the XML jwtauth.php ✅
die() or log at the top of the plugin file work (outside the class), so the file is loaded ✅
getallheaders() confirms the JWT token is sent correctly ✅
But inside the plugin class, onApiAuthenticate() is never fired — not even a file_put_contents() log appears from inside it.
Joomla Version: 5.0.x
Plugin type: api-authentication
Class name: PlgApiAuthenticationJwtauth
File: /plugins/api-authentication/jwtauth/jwtauth.php
Code: Select all
class PlgApiAuthenticationJwtauth extends CMSPlugin
{
public function onApiAuthenticate($credentials, $options, &$response)
{
file_put_contents(JPATH_ROOT . '/jwt_debug.log', "--- CALLED ---\n", FILE_APPEND);
// ... never runs
}
}
If I enable Basic Authentication plugin, everything works (so plugin loading works).
My custom plugin logs when code is outside the class.
URI is /api/index.php/v1/content/articles with a valid Authorization: Bearer header.
I tried and the /api/index.php/v1/users with a valid Authorization: Bearer header.
At Postman i get
Code: Select all
{
"errors": [
{
"title": "Forbidden"
}
]
}
Are there new interface requirements in Joomla 5 that prevent the plugin from registering?
Is there a hidden plugin priority issue that could prevent execution?
Has anyone managed to get a custom api-authentication plugin working in Joomla 5 without implementing ApiAuthenticationInterface?
Any example repo of a working JWT-based custom plugin?
Beta Was this translation helpful? Give feedback.
All reactions