sun
commented
2 months ago That’s correct; the auth system of WordPress core is not bootstrapped yet in plugins_loaded. You can also see this in the WordPress Action Reference manual page.
I don’t really see what the jwt-auth plugin can do about this.
Apart from previously mentioned issues with being unable to set keywords or update snippet settings in RankMath plugin (https://github.com/usefulteam/jwt-auth/issues/4), it seems there is a bigger issue. Whenever JWT-Auth is enabled along with RankMath plugin, anonymous users cannot browse the website - they keep getting redirected to login page with jwt invalid header message. This is because, RankMath attaches a bunch of functions to 'plugins_loaded' hook, and most of these functions have usage of wordpress built-in user functions like current_user_can, determine_current_user etc. Whenever these functions are called, the anonymous user gets redirected to login page (because the authorization header is not formed by the jwt plugin yet, so it requires the user to login again). I had this exact issue with other plugins too, and was able to fix it by delaying the execution of those plugin hooks to 'init' (at which point the jwt auth functions properly) instead of 'plugins_loaded'. When calling any user function after 'init' event in wordpress, things work out fine because headers are properly setup. For RankMath I was not able to do this, because it has too many methods which rely on WP's user functions.