simple-jwt-authentication icon indicating copy to clipboard operation
simple-jwt-authentication copied to clipboard

Published 20 hours ago verified publisher icon jonathan-dejong

Incompatibility with Woocommerce

Open cesar-alamilla opened this issue 5 years ago • 4 comments

Hi, first of all thank you for this plugin it works fine.

However I found a trouble using it along with Woocommerce plugin.

Due to the kind of host of my WP I need to edit the .htaccess file adding: RewriteEngine on RewriteCond %{HTTP:Authorization} ^(.) RewriteRule ^(.) - [E=HTTP_AUTHORIZATION:%1] and SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1

In order to access the namespace /simple-jwt-authentication/v1 with my Bearer token. This work fine, actually I can validate, refresh and revoke tokens successfully.

The problem comes when I try to access the endpoints enable by Woocommerce in which I need a Basic token to access the API. All the Woocommerce endpoints return me an error code "jwt_auth_bad_auth_header" with a message: "Authorization header malformed."

If I disable the plugin or removes the lines added to the .htaccess the woocommerce plugin return to work as usual.

I do a little Google search about this and I found this maybe is an inherited problem from the plugin of Tmeister. Also I found a little workaround, this is not the best solution however it allow me to have simple-jwt-authentication working alongside woocommerce:

https://github.com/Tmeister/wp-api-jwt-auth/issues/48#issuecomment-503291246

This a temporary solution however it would be fine if a definitive is found for this.

Greetings!

cesar-alamilla avatar May 18 '20 04:05 cesar-alamilla

Hi @cesar-alamilla

Thank you :)

I'll look into that temporary solution. I'm not entirely sure it's the way to go but I can see the issue. In the meantime you can add that temporary fix yourself in your own code I think :)

jonathan-dejong avatar May 18 '20 13:05 jonathan-dejong

Yeah this is totally a temporary fix, I know that this isn't by far an optimal solution.

I'm pretty new using WP but if I had time I will try to look for a better solution.

Greetings (:

cesar-alamilla avatar May 19 '20 03:05 cesar-alamilla

Since I'm having a similar setup and use case for JWT, thought I'd chime in here:

@cesar-alamilla

access the endpoints enable by Woocommerce in which I need a Basic token to access the API.

I thought the Simple JWT plugin should do exactly this, so we don't have to care about the WooCommerce auth methods anymore.. I came here for that reason, I use WC/WP headless from a React app and don't want to store user/pass locally in the browser but rather an expiring JWT after the user logged in with user/pass.

I couldn't make it work yet, see #67 and not sure what my issue exactly is (the old JWT plugin by TMeister still works for me).. However, if you don't care about JWT auth for your WC endpoints, you can also use WooCommerce's oauth 1.0 authentication. WC is able to read the oauth params from the query string, rather than the Authorization header, which should make it compatible out-of-the-box with this plugin. At least it was compatible with the old JWT plugin.

nilsnolde avatar Jul 12 '20 17:07 nilsnolde

Well that's an interesting approach.

In the next days I will try your suggestion, it sounds more it sounds more reliable than just skip a validation.

thanks @nilsnolde !

cesar-alamilla avatar Jul 15 '20 05:07 cesar-alamilla