Jwt_auth_no_auth_header error while validating JWT token for WordPress REST API
I have two instances of AWS, one for a WordPress website and one for a React application. To connect them I use "WP REST API - OAuth 1.0a Server" and "JWT Authentication for WP-API" to access the WP REST API.
I can generate a token using /wp-json/jwt-auth/v1/token
, but when I try to access any other endpoint or try to validate the token for /wp-json/jwt-auth/v1/token/validate
, I get the following error:
{
"code": "jwt_auth_no_auth_header",
"message": "Authorization header not found.",
"data": {
"status": 403
}
}
I looked and found a few things to add to .htaccess
. I added everything I could find but had no success.
RewriteEngine On
RewriteBase /
# Enable HTTP Auth
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1]
# WordPress
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# For SetEnvIf Authorization
#RewriteRule (.*) - [env=myenv:1]
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
#SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0
I added the following code to see if any authorization header is present in the request but does not exist
add_filter( 'rest_pre_dispatch', 'prefix_show_request_headers', 10, 3 );
function prefix_show_request_headers( $result, $server, $request ) {
$result = $request->get_headers();
return $result;
}
Here ( https://github.com/Tmeister/wp-api-jwt-auth/issues/6 ) I read that WordPress is probably trying to authenticate with the default cookie method and throwing an error and doesnβt reach the JWT, so I added this piece of code but still didn't have time
add_filter( 'rest_authentication_errors', '__return_true' );
Finally, I added the "JSON Basic Authentication" plugin which also sends username: password in headers and it works. So I'm not sure if this is a header clipping issue. As this is not recommended for a production server, so I need JWT authentication.
Any help is appreciated.
source to share
If anyone comes across this problem, this code I added in .htaccess
probably doesn't work
# Enable HTTP Auth
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1]
So, in the plugin file jwt-authentication-for-wp-rest-api/class-jwt-auth-public.php
, look in the function named validate_token
, after checking the validation, $auth
I added this piece of code:
if (!$auth) {
$allHeaders = getallheaders();
$auth = isset($allHeaders['Authorization']) ? $allHeaders['Authorization'] : false;
}
This will cause the header Authorization
and JWT to work as expected
source to share
I faced the same problem until I changed the order of the lines in my htaccess. Initially I put the lines
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1]
at the end of the rules.
After those lines where only after RewriteEngine On was the error jwt_auth_no_auth_header fixed. On jwt authentication for wp rest api
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1]
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
source to share