Tmeister / wp-api-jwt-auth

A simple plugin to add JSON Web Token (JWT) Authentication to WP REST API
GNU General Public License v2.0

After authentication, cannot get any user info (403 forbidden) #109

Closed kkbrs closed 1 year ago

kkbrs commented 6 years ago

Hi,

After some struggling I managed to get JWT token auth working, and I can get the access token all right, but I can't get users/me or any other users/ endpoint working with the access token. I'm simply putting the token into the auth header using Postman, and it gives me 403 like below:

image

I believe I have the correct .htaccess file settings like below:

```
# BEGIN WordPress
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1]
# END WordPress

SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
```

Any help is appreciated.

kkjdroid commented 6 years ago

You have to move the last two lines to just after the first two.

lbenevento commented 1 year ago

Have you managed to find a solution? I'm facing the exact same problem.

ISMkjackson commented 1 year ago

> Have you managed to find a solution? I'm facing the exact same problem.

Have you tried the solution I posted? If I recall correctly, you specifically need your RewriteCond and RewriteRule for HTTP_AUTHORIZATION to be before the ones for REQUEST_FILENAME.
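The reordering described in the two replies above, written out as an added example (not part of the original thread and not the plugin's own documentation). It uses only the directives from the question's .htaccess; the comments are added.

```apache
# BEGIN WordPress
RewriteEngine On
RewriteBase /

# Copy the Authorization header into the environment FIRST.
# This rule has no [L] flag, so processing continues to the rules below.
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1]

# Standard WordPress front-controller rules.
# Both carry [L]: once one of them matches, no later rule in this file
# runs for that pass. REST requests such as /wp-json/wp/v2/users/me are
# not real files, so they are rewritten to /index.php, and on the next
# pass "^index\.php$ - [L]" stops processing. A header-copy rule placed
# after these lines is therefore never reached for API requests.
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# END WordPress

# Same header copy via mod_setenvif, unchanged from the question.
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
```

WordPress regenerates everything between the `# BEGIN WordPress` and `# END WordPress` markers when permalink settings are saved, so recheck the order of these lines after any permalink change.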

lbenevento commented 1 year ago

Yes, I tried writing them before everything but RewriteEngine On. Also, /token/validate returns "jwt_auth_valid_token", so probably the token is reaching WP, I believe. Very, very far from being a WP expert.

Edit: I did try some more and couldn't get it to work. What I noticed is that other namespaces work just fine.

ISMkjackson commented 1 year ago

Sometimes you need to call `apply_filters('determine_current_user', false)`. This is actually hooked into `get_current_user_id()`, but for some reason it seems more reliable to call it manually. I have a helper function that tries `get_current_user_id()` and then calls the filter if the function doesn't work.