18

I have two AWS instances, one for a WordPress website and another for a React application. To connect them together I am using "WP REST API - OAuth 1.0a Server" and "JWT Authentication for WP-API" for accessing the WP REST API.

I am able to generate a token via /wp-json/jwt-auth/v1/token, but when I try to access any other endpoint, or try to validate the token via /wp-json/jwt-auth/v1/token/validate, I get the following error:

{
  "code": "jwt_auth_no_auth_header",
  "message": "Authorization header not found.",
  "data": {
    "status": 403
  }
}

I looked it up and found a few things to add to .htaccess. I added everything I could find but had no success.

RewriteEngine On
RewriteBase /

# Enable HTTP Auth
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1]

# WordPress
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]

# For SetEnvIf Authorization
#RewriteRule (.*) - [env=myenv:1]
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
#SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0

I added the following code to see if any Authorization header is present in the request, but there isn't any:

add_filter( 'rest_pre_dispatch', 'prefix_show_request_headers', 10, 3 );
function prefix_show_request_headers( $result, $server, $request ) {
    $result = $request->get_headers();
    return $result;
}

Here (https://github.com/Tmeister/wp-api-jwt-auth/issues/6) I read that WordPress is maybe trying to authenticate via the cookie method by default, throwing an error and not reaching JWT authentication, so I added this piece of code, but still no success:

add_filter( 'rest_authentication_errors', '__return_true' );

Finally, I added the "JSON Basic Authentication" plugin, which also sends username:password in the headers, and it works. So I am not sure if it's an issue with headers being stripped. As it is not recommended for a production server, I need JWT authentication to work.

Any help is appreciated.

Akash Joshi

4 Answers

21

I was facing the same problem until I changed the order of the lines in my .htaccess. Initially, I put the lines

RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1]

at the end of the rules.

Once those lines were placed right after RewriteEngine On, the error jwt_auth_no_auth_header was fixed. This was with JWT Authentication for WP REST API.

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1]
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
Marcos
13

In case someone else faces this issue, this code that I added to .htaccess is probably not working

# Enable HTTP Auth
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1]

So in the plugin file jwt-authentication-for-wp-rest-api/class-jwt-auth-public.php, look in the function named validate_token; after the $auth check fails, I added this piece of code:

if (!$auth) {
    $allHeaders = getallheaders();
    $auth = isset($allHeaders['Authorization']) ? $allHeaders['Authorization'] : false;
}

This will get that Authorization header, and JWT will work as expected.

Akash Joshi
  • 1
    This helped me a lot. To avoid undefined index error, you can do the following: `$auth = isset($allHeaders['AUTHORIZATION']) ? $allHeaders['AUTHORIZATION'] : false;` – Steve Kim Dec 31 '17 at 20:54
  • 2
    Thanks @steveKim ! Updated answer. – Akash Joshi Jan 01 '18 at 09:29
  • Note that the getallheaders() function does not exist in Nginx, PHP-FPM or any other FastCGI method of running PHP. It can be polyfilled. See https://stackoverflow.com/a/41427998/1298923 – user1298923 Mar 23 '21 at 10:06
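
The fallback discussed in the answer and comments above can be written as a standalone helper that checks each place the header can end up and matches the header name case-insensitively. This is an added example, not the plugin's code or any poster's; the function names and sample values are hypothetical, and REDIRECT_HTTP_AUTHORIZATION is the name Apache gives the environment variable after an internal redirect.

```php
<?php
// Added example; function names and sample values are hypothetical.

// Return the raw Authorization value from wherever it reached PHP, or null.
function example_find_authorization(array $server, ?array $headers = null): ?string
{
    // HTTP_AUTHORIZATION: set by the SAPI or by [E=HTTP_AUTHORIZATION:%1].
    // REDIRECT_HTTP_AUTHORIZATION: the same variable after Apache's internal
    // redirect to index.php, which prefixes environment variables with REDIRECT_.
    foreach (['HTTP_AUTHORIZATION', 'REDIRECT_HTTP_AUTHORIZATION'] as $key) {
        if (!empty($server[$key])) {
            return trim($server[$key]);
        }
    }
    // Last resort: raw request headers, only where getallheaders() exists.
    if ($headers === null) {
        $headers = function_exists('getallheaders') ? (getallheaders() ?: []) : [];
    }
    foreach ($headers as $name => $value) {
        // Header names are case-insensitive, so do not index by exact spelling.
        if (strcasecmp((string) $name, 'Authorization') === 0 && $value !== '') {
            return trim($value);
        }
    }
    return null;
}

// Accept only "Bearer <token>" where the token has three base64url segments.
function example_bearer_token(?string $header): ?string
{
    $jwt = '[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+';
    if ($header !== null && preg_match('/^Bearer\s+(' . $jwt . ')$/i', $header, $m)) {
        return $m[1];
    }
    return null;
}

// Constructed inputs: [label, $_SERVER-like array, header array].
$cases = [
    ['env var set by rewrite', ['HTTP_AUTHORIZATION' => 'Bearer aaa.bbb.ccc'], []],
    ['after internal redirect', ['REDIRECT_HTTP_AUTHORIZATION' => 'Bearer aaa.bbb.ccc'], []],
    ['lower-case header only', [], ['authorization' => 'Bearer aaa.bbb.ccc']],
    ['basic auth, not a JWT', ['HTTP_AUTHORIZATION' => 'Basic dXNlcjpwYXNz'], []],
    ['header stripped', [], []],
];
foreach ($cases as [$label, $server, $headers]) {
    $token = example_bearer_token(example_find_authorization($server, $headers));
    printf("%-24s %s\n", $label, $token === null ? 'no bearer token' : 'bearer token found');
}
```

The helper only locates and shape-checks the token; signature and expiry validation remain the plugin's job. Changes made inside a plugin file are overwritten when the plugin is updated.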
1

I tried everything mentioned above and did not succeed in making it work until I checked my installed plugins and found that I had two plugins: one called "JWT Auth", and the other "JWT authentication for WP-API". When I deactivated "JWT Auth", everything worked just fine. I don't know the reason, but it seems there is some kind of conflict between the two.

0

I can confirm that the plugin "JWT Auth" seems to have an issue. Instead, I installed "JWT Authentication for WP-API" and it worked like a charm.