Logo
Common Issues
Common IssuesApplication Passwords not working

Application Passwords not working

When using application passwords to authenticate requests to the GraphQL endpoint, and they do not work, there may be a conflict with a plugin installed on the site. In particular, this may happen when WooCommerce is installed and activated on the site.

If requesting a GraphQL endpoint using an Application Password fails authenticating the user, and you have done either of the following in Gato GraphQL:

  • Updated the path of the GraphQL Single Endpoint
  • Updated the base slug of Custom Endpoints or Persisted Queries
  • Disabled any endpoint (by disabling the corresponding module)

...then you must apply the same modification via a hook, to avoid the conflict.

Why this happens

There is a timing conflict between WooCommerce's initialization and Gato GraphQL's service container setup.

WooCommerce triggers the application_password_is_api_request filter during its initialization process. Because Gato GraphQL is not yet initialized, it can't retrieve the correct endpoint paths from the database, as to determine if the request is coming from a GraphQL endpoint and enable using application passwords for authentication.

Workaround

When the application_password_is_api_request filter is triggered by WooCommerce (or another plugin), Gato GraphQL assumes the default paths for the GraphQL endpoints.

Then, if you modify the path of any public endpoint via the plugin Settings, you must apply the same modification via hook:

  • gatographql:before_app_is_loaded:graphql_endpoint_paths

Similarly, if you disable any public endpoint Module, you must remove the corresponding path via the hook.

Examples

If you've changed the Single Endpoint path from graphql to api/graphql in the plugin Settings:

add_filter(
  'gatographql:before_app_is_loaded:graphql_endpoint_paths',
  function(array $endpointPaths): array {
    // Replace the default 'graphql' path with your custom path
    return array_map(
      fn ($path) => $path === 'graphql' ? 'api/graphql' : $path,
      $endpointPaths
    );
  }
);

If you've disabled the Single Endpoint module:

add_filter(
  'gatographql:before_app_is_loaded:graphql_endpoint_paths',
  function(array $endpointPaths): array {
    // Remove the 'graphql' path since the module is disabled
    return array_filter(
      $endpointPaths,
      fn ($path) => $path !== 'graphql',
    );
  }
);