Tmeister / wp-api-jwt-auth

A simple plugin to add JSON Web Token (JWT) Authentication to WP REST API
GNU General Public License v2.0

Not authorized if you send a token with cookies #133

Closed cawa-93 closed 5 years ago

cawa-93 commented 5 years ago

I successfully create a token and validate it:

fetch("http://example.com/wp-json/jwt-auth/v1/token/validate", {method:"POST", "credentials":"include","headers":{"authorization":"Bearer <ACCESS_TOKEN>"}});
{"code":"jwt_auth_valid_token","data":{"status":200}}

But if I'm already authorized on the site (I have WordPress cookies installed), then I cannot access the closed methods (Error 401):

// credentials: include
fetch("http://example.com/wp-json/wp/v2/users/me", {"credentials":"include","headers":{"authorization":"Bearer <ACCESS_TOKEN>"}});
{"code":"rest_not_logged_in","message":"You are not currently logged in.","data":{"status":401}}

However, if you omit cookies, then the authorization is working properly:

// credentials: omit
fetch("http://example.com/wp-json/wp/v2/users/me", {"credentials":"omit","headers":{"authorization":"Bearer <ACCESS_TOKEN>"}});
{"id":1,"name":"example","url":"","description":"","link":"","slug":"example"}

breadadams commented 5 years ago

@cawa-93 @Tmeister what's the actual solution to this issue? Just need to upgrade WP and the plugin?

cawa-93 commented 5 years ago

@breadadams Yes. Starting with wp-api-jwt-auth version 1.2.6, everything is working properly.