Tmeister / wp-api-jwt-auth

A simple plugin to add JSON Web Token (JWT) Authentication to WP REST API
GNU General Public License v2.0

Release 1.3.3 breaks iOS native WooCommerce app #283

Closed kappuccino closed 1 year ago

kappuccino commented 1 year ago

Hi!

Since the last release (1.3.3), the native iOS WooCommerce app can no longer load the shop data. If I roll back to 1.3.2 the app works just fine.

Could the update of php-jwt to 6.4.0 be responsible for this?

Thanks!

Tmeister commented 1 year ago

Hi,

It is very hard for me to know what could be the issue if you don't provide more details; there is a template where I ask you to provide more details about the issue to know details about the setup to try to replicate and debug the issue.

Please use the template to add as much detail as possible so I can try to debug as closely as your setup; there are so many edge cases, plugin combinations, versions etc., that can be the issue.

Thanks!

kappuccino commented 1 year ago

For sure, I was in a hurry this morning, sorry about that.

The WooCommerce native iOS app can no longer load the shop data when the JWT plugin version is 1.3.3.

Expected Behavior

The plugin should provide auth while the native app should be able to handle the shop data, without disturbing the WooCommerce behaviour.

The only piece of log I have is this pseudo error given back from a WooCommerce support guy: [jwt_auth_bad_auth_header] Malformed authorization header.

If the plugin is deactivated or rolled back to 1.3.2, the expected behaviour is visible.

How can I help you with this issue?

Thank you

lukasz-gorski commented 1 year ago

Hi.

We have another issue with our API for WC, but the reason is the same. The problem is pretty simple. Since 1.3.3 it is not possible to auth with the WC REST API key/secret, as it looks like the JWT plugin has overridden the auth method and is not allowing WC auth.

Please consider that as urgent, as this might crash lots of apps.

Thank you.

Tmeister commented 1 year ago

@kappuccino @lukasz-gorski

Thank you for your reports.

I replicated the issue on the WooCommerce Android app, and that fix worked.

Can you please test this branch https://github.com/Tmeister/wp-api-jwt-auth/tree/admin-settings

I've added a validation to check if the authentication header is not a Bearer and skip the verification process if the header is anything else.

I plan to push this change tomorrow morning CST.

Best,
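
The check described in the comment above, sketched as an added example that is not the plugin's code or part of the thread: a JWT handler only claims the request when the `Authorization` scheme is `Bearer`, and otherwise makes no decision so that other handlers (such as WooCommerce key/secret auth) can run. The function name, the constants and the sample headers are hypothetical, and rejecting a Bearer value that is not JWT-shaped is a design choice of this sketch.

```php
<?php
// Added example; names are hypothetical and sample values are constructed.

const JWT_SKIP   = 'skip';    // not our scheme: make no decision, let other auth handlers run
const JWT_VERIFY = 'verify';  // Bearer token present: continue to signature and claims checks
const JWT_REJECT = 'reject';  // Bearer scheme with an unusable token: fail the request

/**
 * Decide what a JWT handler should do with a raw Authorization header value.
 * Returns [decision, token-or-null]. "skip" never means "authenticated".
 */
function classify_authorization_header(?string $header): array
{
    if ($header === null || trim($header) === '') {
        return [JWT_SKIP, null];              // anonymous, cookie or other auth
    }
    // Split "<scheme> <credentials>"; the scheme is case-insensitive (RFC 7235).
    $parts  = preg_split('/\s+/', trim($header), 2);
    $scheme = strtolower($parts[0]);
    if ($scheme !== 'bearer') {
        return [JWT_SKIP, null];              // e.g. Basic with a WC key/secret
    }
    $token = $parts[1] ?? '';
    // Compact JWS: three non-empty base64url segments. Requiring a non-empty
    // third segment also turns away unsigned tokens before any decoding.
    if (!preg_match('/^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+$/', $token)) {
        return [JWT_REJECT, null];            // would surface as jwt_auth_bad_auth_header
    }
    return [JWT_VERIFY, $token];
}

// Constructed sample headers (placeholders, not real credentials).
$samples = [
    null,
    'Basic Y2tfZXhhbXBsZTpjc19leGFtcGxl',
    'bearer aaa.bbb.ccc',
    'Bearer',
    'Bearer not-a-jwt',
];
foreach ($samples as $h) {
    [$decision] = classify_authorization_header($h);
    printf("%-45s => %s\n", var_export($h, true), $decision);
}
```

In a WordPress `determine_current_user` filter callback, the skip case corresponds to returning the incoming `$user` value unchanged.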

kappuccino commented 1 year ago

Hi @Tmeister, thank you for this quick fix. It looks like this is working correctly. I noticed you added a new admin settings page, so I have activated the sharing of analytics in case this could help you while developing the plugin.

Best