Tmeister / wp-api-jwt-auth

A simple plugin to add JSON Web Token (JWT) Authentication to WP REST API
GNU General Public License v2.0

"Auth Header Not Found" Status 403 error -- compatible with latest WP version? #163

Closed tommycopeland closed 1 year ago

tommycopeland commented 5 years ago

Hi there, new to the plugin. So I was using the WP V2 API to generate posts for a custom post type using the basic authentication method, and it's been working fine for a long time. But today (suddenly) I encountered an error:

{ "code": "rest_cannot_create", "message": "Sorry, you are not allowed to create posts as this user.", "data": { "status": 401 } }

I figured it was a good time to switch to something more secure anyway, so I followed the instructions to install this plugin. I returned a token using Postman, but when I use the token as a header request:

Authorization: Bearer {{token}}

I get the same error. Can't seem to get around it with either basic or JWT.

I've researched for about an hour, found many people experiencing the same issue, and getting their issue solved by tweaking the .htaccess file, or something easy like that. I've tried it all. I'm wondering if maybe this plugin is clashing with the latest WP version? Or maybe since I've upgraded some of my server software, that's where the clash is coming from. Whatever it is, the basic auth plugin is also not working, so I do not think it's a JWT plugin bug.

Here's my config:
1) I did upgrade to WP version 5.2.1, the latest
2) Server is CENTOS 6.10
3) PHP 7.2

Any help is greatly appreciated. I'm lost for ideas. Thanks!

tommycopeland commented 5 years ago

Bump....would be great to have someone at least look at this! Thanks.

tommycopeland commented 5 years ago

This sucks. No one monitors these pages?

nicholaspretorius commented 5 years ago

@tommycopeland Have you made any progress on this?

I have had a similar issue. For comparison, my WP version is 5.2.2, however, my PHP version is 5.6.4 (which satisfies the minimum required version for the plugin). Running base WordPress with 2019 theme, no plugins activated except for wp-api-jwt-auth.

I see that the wordpress.org plugin site says the plugin has only been tested to WP v 5.1.1.

EDIT: I have upgraded my PHP version to 7.2 and still receive the same result.

EDIT 2: Something that was different about my setup was that I had WordPress set up in a subdirectory. I decided to move these files out into the public_html folder and it now works. Authorization headers are no longer stripped and I can POST to the API.

EDIT 3: On further communication with my hosting provider, they informed me that in order to make this work, they need to make a change to the Virtual Hosts (i.e. httpd.conf file), namely, they added this:

SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1

Changes in httpd.conf require an Apache restart. As such, if you have direct access to your server, you can do it. If not, the host will need to do it for you.

tommycopeland commented 5 years ago

Thanks so much for commenting, dude. I finally gave up on this a few weeks back, but now I'm thinking I might want to try your fix. I have my WP files in the public_html folder on my server as well - when you say you "moved it out" of that folder, where would you have moved the files to? I do have direct access to the httpd.conf file, so I can take care of that step. Did they prioritize where this line was added? (Sometimes things go to the top or bottom of a file before other commands are run, so I was just curious...)

tommycopeland commented 5 years ago

Sorry, didn't mean to "close" the thread.

nicholaspretorius commented 5 years ago

@tommycopeland I do not have access to my virtual host since the instance I was using is on a shared hosting plan. I will ask my hosting provider for an example.

I found a link that shows an example here - maybe that will help: https://github.com/owncloud/oauth2/issues/49#issuecomment-356212295

Another link here, doesn't really distinguish: https://support.deskpro.com/en/kb/articles/missing-authorization-headers-with-apache

You will need to restart Apache each time you make changes in order for them to take effect.

Re: folders, I set up my WordPress sites a little differently to the standard install. Ultimately, that had no impact on the situation since it was the Virtual Host config that was overriding anything relating to auth headers that I tried in .htaccess. As such, I now do not have anything regarding auth headers in my .htaccess since it is now set on server level in Virtual Host.

[Update]: My hosting provider informed me of the following, depending on this host these details may vary:

In the httpd.conf file, they added the following line at the bottom of the section: Include "/etc/apache2/conf.d/userdata/std/2/my_site_name_goes_here/*.conf"

That path above, is a file named authmod.conf. This file contains the line: SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1

This is done because the main httpd.conf file that the server uses is auto-generated by cPanel and any changes to it are overwritten any time the httpd.conf file is rebuilt. With this in mind cPanel allows for modifications to be included in the Apache build if they are placed at the path.
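To confirm whether Apache is dropping the header before PHP sees it, which is the failure the SetEnvIf line above works around, here is a small diagnostic script. It is an added example, not code from the plugin or from any commenter; the file name and function names are hypothetical, and it assumes it is served by the same virtual host as the WordPress site.

```php
<?php
// auth-header-check.php (hypothetical name): added diagnostic, not plugin code.
// Reports where, if anywhere, the Authorization header is visible to PHP.
// It never echoes the credential itself, only the scheme and its length.

function describe_auth_value($value)
{
    if (!is_string($value) || $value === '') {
        return null;
    }
    // Keep only the scheme ("Bearer", "Basic"); the token is not reflected back.
    $parts = explode(' ', trim($value), 2);
    return [
        'scheme' => $parts[0],
        'credential_length' => isset($parts[1]) ? strlen($parts[1]) : 0,
    ];
}

function locate_authorization_header(array $server, array $headers)
{
    $found = [];
    // HTTP_AUTHORIZATION: passed through natively or set by the SetEnvIf rule.
    // REDIRECT_HTTP_AUTHORIZATION: same variable after an internal rewrite.
    foreach (['HTTP_AUTHORIZATION', 'REDIRECT_HTTP_AUTHORIZATION'] as $key) {
        $info = describe_auth_value(isset($server[$key]) ? $server[$key] : null);
        if ($info !== null) {
            $found['$_SERVER[' . $key . ']'] = $info;
        }
    }
    // Raw request headers as the SAPI exposes them (names are case-insensitive).
    foreach ($headers as $name => $value) {
        $info = describe_auth_value($value);
        if (strcasecmp($name, 'Authorization') === 0 && $info !== null) {
            $found['getallheaders()'] = $info;
        }
    }
    return $found;
}

$headers = function_exists('getallheaders') ? getallheaders() : [];
$found = locate_authorization_header($_SERVER, is_array($headers) ? $headers : []);

header('Content-Type: application/json');
header('Cache-Control: no-store');
echo json_encode([
    'sapi' => PHP_SAPI,
    'authorization_visible' => !empty($found),
    'locations' => $found,
], JSON_PRETTY_PRINT);
```

Request it with the same `Authorization: Bearer {{token}}` header used against the REST API: `authorization_visible: false` means the header is lost before PHP runs, so the fix belongs in the Apache configuration rather than in WordPress. Remove the file once the check is done.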

contactjavas commented 4 years ago

Hi @tommycopeland, hi @nicholaspretorius, did you get the issues above fixed?

I made a jwt-auth plugin based on this plugin. Adjusted it to match my need. But not sure if it would work for you.

BlakeNol commented 3 years ago

The "EDIT 3" portion of editing httpd.conf worked for me on a Bitnami Wordpress VM running Wordpress 5.7.1