Application Passwords not working

When using application passwords to authenticate requests to the GraphQL endpoint, and they do not work, there may be a conflict with a plugin installed on the site. In particular, this may happen when WooCommerce is installed and activated on the site.

If requesting a GraphQL endpoint using an Application Password fails authenticating the user, and you have done either of the following in Gato GraphQL:

• Updated the path of the GraphQL Single Endpoint
• Updated the base slug of Custom Endpoints or Persisted Queries
• Disabled any endpoint (by disabling the corresponding module)

...then you must apply the same modification via a hook, to avoid the conflict.

​

Why this happens

There is a timing conflict between WooCommerce's initialization and Gato GraphQL's service container setup.

WooCommerce triggers the application_password_is_api_request filter during its initialization process. Because Gato GraphQL is not yet initialized, it can't retrieve the correct endpoint paths from the database, as to determine if the request is coming from a GraphQL endpoint and enable using application passwords for authentication.

​

Workaround

When the application_password_is_api_request filter is triggered by WooCommerce (or another plugin), Gato GraphQL assumes the default paths for the GraphQL endpoints.

Then, if you modify the path of any public endpoint via the plugin Settings, you must apply the same modification via hook.

Read guide Replicating GraphQL endpoint path updates via hooks for the solution.