jwt_auth_no_auth_header error on validating WordPress REST API JWT token

wordpress rest authentication jwt

11,628

Solution 1

In case someone else faces this issue, this code that I added to .htaccess is probably not working

# Enable HTTP Auth
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1]

So in the plugin file jwt-authentication-for-wp-rest-api/class-jwt-auth-public.php, look in the function named validate_token, after the $auth check fails I added this piece of code :

if (!$auth) {
    $allHeaders = getallheaders();
    $auth = isset($allHeaders['Authorization']) ? $allHeaders['Authorization'] : false;
}

This will get that Authorization header and JWT will work as expected

Solution 2

I was facing the same problem, until i change the order of lines on my htaccess. Initially,i put the lines

RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1]

at the end of the rules.

After those lines where only after the RewriteEngine On, the error jwt_auth_no_auth_header was fixed. On jwt authentication for wp rest api

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1]
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

11,628

Author by

Akash Joshi

Updated on June 12, 2022

Comments

Akash Joshi almost 2 years
I have two AWS instances, one for WordPress website and another for React application. To connect them together I am using "WP REST API - OAuth 1.0a Server" and "JWT Authentication for WP-API" for accessing WP REST API.

I am able to generate token by /wp-json/jwt-auth/v1/token but when I am trying to access any other endpoint or if trying to validate the token by /wp-json/jwt-auth/v1/token/validate I am getting following error :
```
{
  "code": "jwt_auth_no_auth_header",
  "message": "Authorization header not found.",
  "data": {
    "status": 403
  }
}
```
I looked up and found few things to add to .htaccess. I added everything I could find but had no success.
```
RewriteEngine On
RewriteBase /

# Enable HTTP Auth
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1]

# WordPress
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]

# For SetEnvIf Authorization
#RewriteRule (.*) - [env=myenv:1]
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
#SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0
```
I added following code to see if any Authorization Header is present in the request but there isn't any
```
add_filter( 'rest_pre_dispatch', 'prefix_show_request_headers', 10, 3 );
function prefix_show_request_headers( $result, $server, $request ) {
    $result = $request->get_headers();
    return $result;
}
```
Here (https://github.com/Tmeister/wp-api-jwt-auth/issues/6) I read that WordPress is maybe trying to authenticate via cookie method by default and is throwing error and not reaching JWT authentication so I added this piece of code but still no success
```
add_filter( 'rest_authentication_errors', '__return_true' );
```
At last I added "JSON Basic Authentication" plugin which also sends username:password in the Headers and it works. So I am not sure if it's an issue with Headers being stripped. As it is not recommended for production server so I need JWT authentication to work.

Any help is appreciated.