Jwt-auth: Authorization header was not found

Created on 27 Nov 2019  ·  2Comments  ·  Source: WP-API/jwt-auth

Howdy, I am using this with GuzzleHttp Client class as follows:

$blogService = new Client([
            'base_uri' => $baseBlogUrl . '/wp-json/wp/v2/',
            'headers' => [
                'Authorization' => 'Bearer ' . $result['access_token']
            ],
            'debug' => true
        ]);

This is resulting in an error: {"code":"rest_authentication_no_header","message":"Authorization header was not found.","data":{"status":403}}

The debug for the request shows that the authorization header exists though:

POST /wp-json/wp/v2/users HTTP/1.1
Authorization: Bearer ACCESS_TOKEN_HERE
User-Agent: GuzzleHttp/6.4.1 curl/7.29.0 PHP/7.4.0RC6
Content-Type: application/json
picture hwmatthewa
👍1

Most helpful comment

Hey,
may have found some solution to this.

Added 3 lines in the .htaccess line (as it seems HTTP_AUTHORIZATION is otherwise striped out) :

RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1]
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1

as follow (in this specific places) : 

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1]
</IfModule>
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1

Not sure yet what happens when updating some plugins if these lines would be erased ...

Edit : maybe something to be added to the README ?
Also, wondering if there is a way to automate the add of these lines to the .htaccess file through the plugin install...

picture ehben83 on 1 Dec 2019
🎉2 👍1

All 2 comments

Hey,
may have found some solution to this.

Added 3 lines in the .htaccess line (as it seems HTTP_AUTHORIZATION is otherwise striped out) :

RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1]
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1

as follow (in this specific places) : 

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1]
</IfModule>
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1

Not sure yet what happens when updating some plugins if these lines would be erased ...

Edit : maybe something to be added to the README ?
Also, wondering if there is a way to automate the add of these lines to the .htaccess file through the plugin install...

ehben83 picture ehben83 on 1 Dec 2019
🎉2 👍1

Hey,
may have found some solution to this.

Added 3 lines in the .htaccess line (as it seems HTTP_AUTHORIZATION is otherwise striped out) :

RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1]
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1

as follow (in this specific places) :

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1]
</IfModule>
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1

Not sure yet what happens when updating some plugins if these lines would be erased ...

Edit : maybe something to be added to the README ?
Also, wondering if there is a way to automate the add of these lines to the .htaccess file through the plugin install...

This worked for me as well. Cheers.

hwmatthewa picture hwmatthewa on 2 Dec 2019
Was this page helpful?
0 / 5 - 0 ratings

Related issues

andrewmclagan picture andrewmclagan  ·  3Comments
jkmassel picture jkmassel  ·  7Comments
fideloper picture fideloper  ·  3Comments
dmyers picture dmyers  ·  3Comments
beberlei picture beberlei  ·  3Comments