[wp-trac] [WordPress Trac] #63754: Application password with REST API fails when logged in (Unauthorized), works when logged out — Regression from WP 6.8.2

WordPress Trac noreply at wordpress.org
Sat Aug 9 06:56:37 UTC 2025


#63754: Application password with REST API fails when logged in (Unauthorized),
works when logged out — Regression from WP 6.8.2
-----------------------------------+------------------------------
 Reporter:  elabinnovations        |       Owner:  (none)
     Type:  defect (bug)           |      Status:  new
 Priority:  normal                 |   Milestone:  Awaiting Review
Component:  Application Passwords  |     Version:  6.8.2
 Severity:  blocker                |  Resolution:
 Keywords:  reporter-feedback      |     Focuses:
-----------------------------------+------------------------------

Comment (by elabinnovations):

 Hi @mindctrl,

 Thank you for your patience. I've been working on an open-source financial
 management plugin called **Pika** as an alternative to Firefly III and
 Firefly Pico.

 == Plugin Information

 **Download:** [Pika v1.0.0 ZIP](https://elabins.com/wp-content/uploads/2025/08/pika-v1.0.0.zip)
 **Repository:** [GitHub - e-labInnovations/pika](https://github.com/e-labInnovations/pika)

 == Installation & Testing Steps

 1. **Install the plugin** from the ZIP file
 2. **Create an Application Password** in WordPress Admin → Users → Profile
 → Application Passwords
 3. **Access Pika** at `yourdomain.com/pika`
 4. **Login** using your WordPress username and the generated application
 password

 == Issue Description

 The authentication issue occurs specifically when:
 - ✅ **WordPress logged in** → Pika shows "Unauthorized" error
 - ✅ **WordPress logged out** → Pika works perfectly

 This suggests a conflict between WordPress session management and the
 plugin's REST API authentication.

 == Environment Details

 **WordPress Version:** 6.8.2
 **PHP Version:** 8.2.28
 **Server:** Apache/2.4.62 (Debian)
 **Database:** MySQL 9.3.0
 **Debug Mode:** Enabled

 **Active Plugins:**
 - Pika Financial Management (v1.0.0)
 - FluentCRM (v2.9.60)
 - Fluent Boards (v1.65)

 == Technical Context

 The plugin uses WordPress REST API with Application Passwords for
 authentication. The issue appears to be related to session handling when a
 user is simultaneously logged into WordPress admin and trying to access
 the PWA interface.

 Could you please test this scenario and let me know if you encounter the
 same authentication conflict?


 > ''Note: This is a local development environment using Docker with debug
 mode enabled for testing purposes.''

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/63754#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

