Clever Geek Handbook

Jwt_auth_no_auth_header error while validating JWT token for WordPress REST API

I have two instances of AWS, one for a WordPress website and one for a React application. To connect them I use "WP REST API - OAuth 1.0a Server" and "JWT Authentication for WP-API" to access the WP REST API.

I can generate a token using /wp-json/jwt-auth/v1/token

, but when I try to access any other endpoint or try to validate the token for /wp-json/jwt-auth/v1/token/validate

, I get the following error:

{
  "code": "jwt_auth_no_auth_header",
  "message": "Authorization header not found.",
  "data": {
    "status": 403
  }
}

I looked and found a few things to add to .htaccess

. I added everything I could find but had no success.

RewriteEngine On
RewriteBase /

# Enable HTTP Auth
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1]

# WordPress
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]

# For SetEnvIf Authorization
#RewriteRule (.*) - [env=myenv:1]
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
#SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0

I added the following code to see if any authorization header is present in the request but does not exist

add_filter( 'rest_pre_dispatch', 'prefix_show_request_headers', 10, 3 );
function prefix_show_request_headers( $result, $server, $request ) {
    $result = $request->get_headers();
    return $result;
}

Here ( https://github.com/Tmeister/wp-api-jwt-auth/issues/6 ) I read that WordPress is probably trying to authenticate with the default cookie method and throwing an error and doesn’t reach the JWT, so I added this piece of code but still didn't have time

add_filter( 'rest_authentication_errors', '__return_true' );

Finally, I added the "JSON Basic Authentication" plugin which also sends username: password in headers and it works. So I'm not sure if this is a header clipping issue. As this is not recommended for a production server, so I need JWT authentication.

Any help is appreciated.

+3


source to share


2 answers


If anyone comes across this problem, this code I added in .htaccess

probably doesn't work

# Enable HTTP Auth
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1]

So, in the plugin file jwt-authentication-for-wp-rest-api/class-jwt-auth-public.php

, look in the function named validate_token

, after checking the validation, $auth

I added this piece of code:



if (!$auth) {
    $allHeaders = getallheaders();
    $auth = isset($allHeaders['Authorization']) ? $allHeaders['Authorization'] : false;
}

This will cause the header Authorization

and JWT to work as expected

+3


source


I faced the same problem until I changed the order of the lines in my htaccess. Initially I put the lines

RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1]

at the end of the rules.



After those lines where only after RewriteEngine On was the error jwt_auth_no_auth_header fixed. On jwt authentication for wp rest api

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1]
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
+1


source






More articles:


All Articles