jwt-auth icon indicating copy to clipboard operation
jwt-auth copied to clipboard

Published 20 hours ago verified publisher icon WP-API

Authorization header was not found

Open hwmatthewa opened this issue 5 years ago • 2 comments

Howdy, I am using this with GuzzleHttp Client class as follows:

$blogService = new Client([
            'base_uri' => $baseBlogUrl . '/wp-json/wp/v2/',
            'headers' => [
                'Authorization' => 'Bearer ' . $result['access_token']
            ],
            'debug' => true
        ]);

This is resulting in an error: {"code":"rest_authentication_no_header","message":"Authorization header was not found.","data":{"status":403}}

The debug for the request shows that the authorization header exists though:

POST /wp-json/wp/v2/users HTTP/1.1
Authorization: Bearer ACCESS_TOKEN_HERE
User-Agent: GuzzleHttp/6.4.1 curl/7.29.0 PHP/7.4.0RC6
Content-Type: application/json

hwmatthewa avatar Nov 27 '19 00:11 hwmatthewa

Hey, may have found some solution to this.

Added 3 lines in the .htaccess line (as it seems HTTP_AUTHORIZATION is otherwise striped out) :

RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1]
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1

as follow (in this specific places) :

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1]
</IfModule>
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1

Not sure yet what happens when updating some plugins if these lines would be erased ...

Edit : maybe something to be added to the README ? Also, wondering if there is a way to automate the add of these lines to the .htaccess file through the plugin install...

ehben83 avatar Dec 01 '19 20:12 ehben83

Hey, may have found some solution to this.

Added 3 lines in the .htaccess line (as it seems HTTP_AUTHORIZATION is otherwise striped out) :

RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1]
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1

as follow (in this specific places) :

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1]
</IfModule>
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1

Not sure yet what happens when updating some plugins if these lines would be erased ...

Edit : maybe something to be added to the README ? Also, wondering if there is a way to automate the add of these lines to the .htaccess file through the plugin install...

This worked for me as well. Cheers.

hwmatthewa avatar Dec 02 '19 22:12 hwmatthewa