http_authorizaion header #1
Comments
|
Hey Thanks, Can you please tell me your server setup, is a local install or a live server to include the info in the readme file. |
|
Live server on WPEngine... your plugin works like a charm! Where can I pay you a beer? :-) |
|
I needed this line too with a simple apache setup on my dev machine. As I did not know what WPEngine is I ignored this first time around and lost some time with rest_forbidden errors as a result. I'm not sure what would be an accurate change, but I do suggest updating the README a little |
|
I added the lines to my htaccess. I an getting the following error. ---- htaccess begin ------ -----htaccess end----- |
|
For users of AWS Lightsail with a bitnami/WordPress instance: To make this work go and edit /home/bitnami/apps/wordpress/conf/htaccess.conf and set the SetEnvIf statement there: Don't forget to restart Apache! It didn't work for me in the .htaccess. :( |
|
Getting error after configuring this plugin as per the steps mentioned over here : https://wordpress.org/plugins/jwt-authentication-for-wp-rest-api/ Error : Any suggestion ? |
|
@riteshtailor2002 what is your server setup? If Apache + PHP do you access to |
|
Have the same(?) problem: My .htaccess: `` |
|
@Mulli, this is me just guessing; I have no idea how the mode_rewrite of Apache works or environment variables manipulation for that matter. Have you tried to move the line |
|
Hi guys. This line |
|
I have only one problem, |
|
Hi @Mulli |
|
@nabilzidane what about moving the line |
|
@itibook can you share your I am running wordpress on wp-engine, and using the code suggested by @nabilzidane does not work. The error I get is |
|
@dauledk I haven't tried it out in a long time, but this is what I had at the time... wouldn't be surprised if it doesn't work anymore |
|
@itibook ok, I gave up and is now successfully using the https://wordpress.org/plugins/application-passwords/ plugin instead and it works. But thanks |
|
@Tmeister what is the solution for other special hosting env like FlyWheel or pantheon ? |
I got it working. The important part is the authorization header. It must be |
|
In my case it wasn't working because I was using SiteGround's staging environment. Works fine in production. |
|
what is url for user logout api, means how to revoke user token |
|
@yagnikv remove the token from client. token on WP is not saved on DB, it just validates if it is still valid. |
|
How to configure this for nginx? I try with global fastcgi configfastcgi_pass_header Authorization; server { but this not work. Any help? |
|
@fabdelgado and all the future Nginx-ers These are the Nginx location blocks location /app/login/ {
try_files $uri $uri/ /index.php?$args;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param HTTP:Authorization $http_authorization;
more_set_headers 'Authorization: $http_authorization';
include fastcgi_params;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param HTTP:Authorization $http_authorization;
more_set_headers 'Authorization: $http_authorization';
include fastcgi_params;
fastcgi_pass php;
}Main part fastcgi_param HTTP:Authorization $http_authorization;
more_set_headers 'Authorization: $http_authorization';When you do https://example.com/app/login -H 'Authorization: 1234123412341234'The response will have |
|
And it is more suitable than placing the following lines after the |
|
@alexbjorlig did you managed to get Application Passwords to work without any issues? I can get it to work locally and works just fine when testing, but on WPEngine I am getting 403 from Nginx... no idea what else I could do |
|
@alexbjorlig figured out the issue... not sure why, but WPEngine requires a User-Agent header when doing a call via the Python requests library, as silly as that. |
|
I'm using WPEngine found this issue after intense debugging.... The app was logging into the wrong user account (the previously logged in user, i believe) when the User-Agent had the word google or facebook in it. I'm not sure if this is a WP API bug or a JWT bug or what. Currently passing a custom user agent to avoid this issue. |
|
I am trying JWT Authentication for WP-API for building an Flutter App for Wordpress . I am facing issue with login , Its working good for Administrator account but it not allows the user account to login . But for my case i need my users to login to view the content . Please help me |
|
This might help if any of you guys are on AWS Lightsail Wordpress |
|
(for anyone using WpEngine) WpEngine has deprecated
|
This did not work for us. We are still seeing the "authorization header not found" error. Any other ideas? |
|
Hi @davidglines, I was not able to figure out what causes this issue for me. My production environment is currently working and authenticating as expected, but my staging env. wasn't. I spent hours with wpengine and we tried different things, including trying to recreate HTTP Authorization in nginx and what not, but we never figured it out. I ended up destroying the staging envs and starting them over with fresh copies, and fortunately that is enough for me. I never received the authorization header not found error, though. My issue was that users weren't being logged in via jwt - instead they were just getting access. So calls to woocommerce and to get their user profile didn't authenticate. |
|
Jacob, thanks for the information. We are still stuck and have tried 3-4 different nginx rules as well as Web rules at WPengine. No luck. We have escalated to senior techs and hoping it will get resolved very soon. Our users cannot log in to our React app.
DG
Get Outlook for iOS<https://aka.ms/o0ukef>
…________________________________
From: jacobraccuia ***@***.***>
Sent: Thursday, October 20, 2022 8:54:01 PM
To: Tmeister/wp-api-jwt-auth ***@***.***>
Cc: David Glines ***@***.***>; Mention ***@***.***>
Subject: Re: [Tmeister/wp-api-jwt-auth] http_authorizaion header (#1)
CAUTION: External Sender
Hi @davidglines<https://github.com/davidglines>,
I was not able to figure out what causes this issue for me. My production environment is currently working and authenticating as expected, but my staging env. wasn't. I spent hours with wpengine and we tried different things, including trying to recreate HTTP Authorization in nginx and what not, but we never figured it out.
I ended up destroying the staging envs and starting them over with fresh copies, and fortunately that is enough for me.
I never received the authorization header not found error, though. My issue was that users weren't being logged in via jwt - instead they were just getting access. So calls to woocommerce and to get their user profile didn't authenticate.
—
Reply to this email directly, view it on GitHub<#1 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AVOGGY4IWSUL2TUJEBV7DSTWEHZTTANCNFSM4BOVG25A>.
You are receiving this because you were mentioned.Message ID: ***@***.***>
|
|
hey @davidglines, have you had any luck? i'm not sure if my current issue is related, but a POST API call works perfectly in staging and in production it treats it like a GET call and returns the GET response.. |
|
Hi, Jacob. We ended up going the WP login route as our clients needed to get into our app. If needed, we will give your plug-in a try again in the future. Thanks for checking in.
DG
Get Outlook for iOS<https://aka.ms/o0ukef>
…________________________________
From: jacobraccuia ***@***.***>
Sent: Friday, November 4, 2022 12:24:33 PM
To: Tmeister/wp-api-jwt-auth ***@***.***>
Cc: David Glines ***@***.***>; Mention ***@***.***>
Subject: Re: [Tmeister/wp-api-jwt-auth] http_authorizaion header (#1)
CAUTION: External Sender
hey @davidglines<https://github.com/davidglines>, have you had any luck?
i'm not sure if my current issue is related, but a POST API call works perfectly in staging and in production it treats it like a GET call and returns the GET response..
—
Reply to this email directly, view it on GitHub<#1 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AVOGGY7QZBT5TSQMIVWOLBLWGVBFDANCNFSM4BOVG25A>.
You are receiving this because you were mentioned.Message ID: ***@***.***>
|
|
Did anyone ever find a solution to this? I've been looking for months and keep coming back to this issue thread hoping to find something. Seems pretty crazy that WP Engine would just drop support for .htaccess and then not have a reasonable alternative. If anyone know of a way to get around this or use a different solution all together, I'd love to hear about it. Thanks! |
|
I was finally able to resolve this. I'll outline my fix below to hopefully help the next person if they are also running into this (although my gut tells me this is fairly unique to us) Before I had a call to "/wp-json/wp/v2/users/me" as such in a js file: I updated this to be: Then I updated the script enqueue function in my php file to this: Note the "wp_localize_script" that creates the "rest_nonce" variable referenced in the js file
|
|
I will leave this here, maybe it will help someone like me. I was getting this error: This happened when using Insomnia (software like Postman) and making a GET request without any kind of Authorization. There is a fix to be made in the code on that line $auth_header = $_SERVER['HTTP_AUTHORIZATION'] ? sanitize_text_field( $_SERVER['HTTP_AUTHORIZATION'] ) : false;With this: $auth_header = array_key_exists( 'HTTP_AUTHORIZATION', $_SERVER ) && $_SERVER['HTTP_AUTHORIZATION'] ? sanitize_text_field( $_SERVER['HTTP_AUTHORIZATION'] ) : false;I will suggest a PR with this fix. Update: |
and others
Hi there,
playing around with your plugin... looks really well done. I had some issues with the Authorization header not showing up. I googled around and found this. I used it instead of your htaccess code and it did the trick for me... hope it helps others
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
The text was updated successfully, but these errors were encountered: