I have two AWS instances, one for WordPress website and another for React application. To connect them together I am using "WP REST API - OAuth 1.0a Server" and "JWT Authentication for WP-API" for accessing WP REST API.
I am able to generate token by /wp-json/jwt-auth/v1/token
but when I am trying to access any other endpoint or if trying to validate the token by /wp-json/jwt-auth/v1/token/validate
I am getting following error :
{
"code": "jwt_auth_no_auth_header",
"message": "Authorization header not found.",
"data": {
"status": 403
}
}
I looked up and found few things to add to .htaccess
. I added everything I could find but had no success.
RewriteEngine On
RewriteBase /
# Enable HTTP Auth
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1]
# WordPress
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# For SetEnvIf Authorization
#RewriteRule (.*) - [env=myenv:1]
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
#SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0
I added following code to see if any Authorization Header is present in the request but there isn't any
add_filter( 'rest_pre_dispatch', 'prefix_show_request_headers', 10, 3 );
function prefix_show_request_headers( $result, $server, $request ) {
$result = $request->get_headers();
return $result;
}
Here (https://github.com/Tmeister/wp-api-jwt-auth/issues/6) I read that WordPress is maybe trying to authenticate via cookie method by default and is throwing error and not reaching JWT authentication so I added this piece of code but still no success
add_filter( 'rest_authentication_errors', '__return_true' );
At last I added "JSON Basic Authentication" plugin which also sends username:password in the Headers and it works. So I am not sure if it's an issue with Headers being stripped. As it is not recommended for production server so I need JWT authentication to work.
Any help is appreciated.