18

I have two AWS instances, one for a WordPress website and another for a React application. To connect them together I am using "WP REST API - OAuth 1.0a Server" and "JWT Authentication for WP-API" for accessing the WP REST API.

I am able to generate a token via /wp-json/jwt-auth/v1/token, but when I try to access any other endpoint or validate the token via /wp-json/jwt-auth/v1/token/validate I get the following error:

{
  "code": "jwt_auth_no_auth_header",
  "message": "Authorization header not found.",
  "data": {
    "status": 403
  }
}

I looked it up and found a few things to add to .htaccess. I added everything I could find but had no success.

RewriteEngine On
RewriteBase /

# Enable HTTP Auth
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1]

# WordPress
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]

# For SetEnvIf Authorization
#RewriteRule (.*) - [env=myenv:1]
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
#SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0

I added the following code to see if any Authorization header is present in the request, but there isn't any:

add_filter( 'rest_pre_dispatch', 'prefix_show_request_headers', 10, 3 );
function prefix_show_request_headers( $result, $server, $request ) {
    $result = $request->get_headers();
    return $result;
}

Here (https://github.com/Tmeister/wp-api-jwt-auth/issues/6) I read that WordPress may be trying to authenticate via the cookie method by default and is throwing an error without reaching JWT authentication, so I added this piece of code, but still no success:

add_filter( 'rest_authentication_errors', '__return_true' );

At last I added the "JSON Basic Authentication" plugin, which also sends username:password in the headers, and it works. So I am not sure if it's an issue with headers being stripped. As it is not recommended for a production server, I need JWT authentication to work.

Any help is appreciated.

4 Answers

22

I was facing the same problem until I changed the order of the lines in my htaccess. Initially, I put the lines

RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1]

at the end of the rules.

Once those lines were placed right after RewriteEngine On, the error jwt_auth_no_auth_header was fixed. On JWT Authentication for WP REST API:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1]
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

2 Comments

This works but WordPress is automatically modifying my htaccess
That's great, saved my day. Thank you. I did it many times and hadn't knowledge about this important configuration
13

In case someone else faces this issue, this code that I added to .htaccess is probably not working

# Enable HTTP Auth
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1]

So in the plugin file jwt-authentication-for-wp-rest-api/class-jwt-auth-public.php, look in the function named validate_token; after the $auth check fails I added this piece of code:

if (!$auth) {
    $allHeaders = getallheaders();
    $auth = isset($allHeaders['Authorization']) ? $allHeaders['Authorization'] : false;
}

This will get that Authorization header and JWT will work as expected.

3 Comments

This helped me a lot. To avoid undefined index error, you can do the following: $auth = isset($allHeaders['AUTHORIZATION']) ? $allHeaders['AUTHORIZATION'] : false;
Thanks @steveKim ! Updated answer.
Note that the getallheaders() function does not exist in Nginx, PHP-FPM or any other FastCGI method of running PHP. It can be polyfilled. See stackoverflow.com/a/41427998/1298923
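
Added example, not part of the answers above and not the plugin's own code: one lookup that covers the places this thread found the Authorization header (the rewrite-rule environment variable, its REDIRECT_-prefixed form after Apache's internal redirect to index.php, and getallheaders() with a case-insensitive match), without editing plugin files. The function names, the Bearer scheme check and the sample inputs are assumptions made for the illustration.

```php
<?php
// Hypothetical helper: return the raw Authorization header value, or false.
function example_find_authorization_header( array $server ) {
    // Set by RewriteRule [E=HTTP_AUTHORIZATION:%1] or SetEnvIf; Apache adds a
    // REDIRECT_ prefix to environment variables after an internal redirect.
    foreach ( array( 'HTTP_AUTHORIZATION', 'REDIRECT_HTTP_AUTHORIZATION' ) as $key ) {
        if ( ! empty( $server[ $key ] ) ) {
            return trim( $server[ $key ] );
        }
    }
    // Fall back to the SAPI's header list when the function is available.
    // Header names are case-insensitive, so compare lowercased names
    // instead of indexing a fixed spelling.
    if ( function_exists( 'getallheaders' ) ) {
        foreach ( (array) getallheaders() as $name => $value ) {
            if ( strtolower( $name ) === 'authorization' && $value !== '' ) {
                return trim( $value );
            }
        }
    }
    return false;
}

// Hypothetical helper: accept only "Bearer <three base64url segments>".
function example_extract_bearer_token( $header ) {
    $seg = '[A-Za-z0-9_-]+';
    if ( is_string( $header )
        && preg_match( "/^Bearer\s+($seg\.$seg\.$seg)$/i", $header, $m ) ) {
        return $m[1];
    }
    return false; // other schemes and malformed values are rejected
}

// Constructed sample inputs standing in for $_SERVER (not real captures).
$samples = array(
    'rewrite rule ran first'  => array( 'HTTP_AUTHORIZATION' => 'Bearer aaa.bbb.ccc' ),
    'after internal redirect' => array( 'REDIRECT_HTTP_AUTHORIZATION' => 'Bearer aaa.bbb.ccc' ),
    'other auth scheme'       => array( 'HTTP_AUTHORIZATION' => 'Basic dXNlcjpwYXNz' ),
    'header stripped'         => array(),
);
foreach ( $samples as $label => $server ) {
    $token = example_extract_bearer_token( example_find_authorization_header( $server ) );
    // Report presence only; never write the token itself to output or logs.
    printf( "%-24s %s\n", $label, false === $token ? 'no bearer token' : 'bearer token found' );
}
```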
1

I tried everything mentioned above and did not succeed in making it work until I checked my installed plugins and found that I have two plugins: one called "JWT Auth", and the other "JWT authentication for WP-API". When I deactivated "JWT Auth" everything worked just fine. I don't know the reason, but it seems there is some kind of conflict between the two.

0

I can confirm that the plugin "JWT Auth" seems to have an issue. Instead, I installed "JWT Authentication for WP-API" and it worked like a charm.
