wp-graphql-jwt-authentication icon indicating copy to clipboard operation
wp-graphql-jwt-authentication copied to clipboard
verified publisher icon wp-graphql

Throw error if GRAPHQL_JWT_AUTH_SECRET_KEY has not been added to wp-config.php

Open joshuaiz opened this issue 5 years ago • 2 comments

Currently, if GRAPHQL_JWT_AUTH_SECRET_KEY is not set in wp-config.php it causes an internal server error with WPGraphQL and prevents the schema from loading.

Failing to add the key in wp-config.php should present an error in the admin and probably not disable the schema.

joshuaiz avatar Apr 27 '20 16:04 joshuaiz

Of note: there's also the filter graphql_jwt_auth_secret_key. I propose the plugin, by default, should use a filter that returns the constant SECURE_AUTH_KEY. Would be as secure as the WordPress install itself and would allow the plugin to "work out of the box" while still allowing for custom keys set in functions and wp-config.

jonshipman avatar May 28 '20 21:05 jonshipman

I've experienced the same issue. It does not seem right that installing a plugin would result in PHP errors that break a WP site (mine is live).

therealgilles avatar Feb 16 '21 20:02 therealgilles