usefulteam / jwt-auth

WordPress JSON Web Token Authentication
https://wordpress.org/plugins/jwt-auth/

Shared hosting 403 jwt_auth_bad_config with $auth = $_SERVER['HTTP_AUTHORIZATION'] mod #66

Closed mikmikmik closed 2 years ago

mikmikmik commented 2 years ago

Edit: Using version 2.1 installed from WordPress admin.

After adding

    RewriteEngine on
    RewriteCond %{HTTP:Authorization} ^(.*)
    RewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1]

I manage to have

    isset($headers['Authorization']) = 1
    var_dump($headers['Authorization']) = string(0) ""
    isset($_SERVER['HTTP_AUTHORIZATION']) = 1

but nothing for

    isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION']) =

  1. I can create a token
  2. I can validate it with axios
  3. I have a 403 'jwt_auth_bad_config' when I try to GET a custom api with the token and axios

Edit2: I tried the GitHub version 3.0 and still same problem. Cookie refresh returns 'JWT is not configured properly.'

Edit3: It's weird, it seems it can read JWT_AUTH_SECRET_KEY on the first 2 steps (I was able to send it in json response to test) but on line 392 of class-auth.php it's empty...

mikmikmik commented 2 years ago

I moved define('JWT_AUTH_SECRET_KEY', 'somesecrethash'); and define('JWT_AUTH_CORS_ENABLE', true); from the bottom of wp-config.php to its correct place with the other salts and now it's working as expected! (I didn't know it mattered)
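
A define() placed below the line in wp-config.php that loads wp-settings.php only runs after WordPress and its plugins have already loaded, which is the kind of placement the fix above corrects. The checker below is an added example, not code from the thread or from the jwt-auth plugin; it flags JWT_AUTH_* defines that sit below that line. It assumes "the bottom of wp-config.php" means below the wp-settings.php include, and the function name and both sample files are constructed for illustration.

```python
import re

# Matches define('JWT_AUTH_...') at the start of a line (commented-out lines do not match).
DEFINE_RE = re.compile(r"""^\s*define\s*\(\s*['"](JWT_AUTH_[A-Z_]+)['"]""")
# Stock wp-config.php ends with: require_once ABSPATH . 'wp-settings.php';
BOOTSTRAP_RE = re.compile(r"^\s*(?:require|include)(?:_once)?\b.*wp-settings\.php")


def late_defines(src):
    """Return [(line_no, constant)] for JWT_AUTH_* defines below the bootstrap include."""
    # Blank out /* ... */ comments but keep their newlines so line numbers stay correct.
    src = re.sub(r"/\*.*?\*/", lambda m: "\n" * m.group(0).count("\n"), src, flags=re.S)
    seen_bootstrap = False
    late = []
    for no, line in enumerate(src.splitlines(), 1):
        if BOOTSTRAP_RE.match(line):
            seen_bootstrap = True
        elif seen_bootstrap:
            m = DEFINE_RE.match(line)
            if m:
                late.append((no, m.group(1)))
    return late


# Constructed sample: the layout described in the thread (defines at the bottom).
BROKEN = """<?php
define( 'DB_NAME', 'constructed_db' );
define( 'AUTH_KEY', 'constructed-salt' );
/* That's all, stop editing! Happy publishing. */
require_once ABSPATH . 'wp-settings.php';
define('JWT_AUTH_SECRET_KEY', 'somesecrethash');
define('JWT_AUTH_CORS_ENABLE', true);
"""

# Constructed sample: the same defines moved up beside the salts.
FIXED = """<?php
define( 'DB_NAME', 'constructed_db' );
define( 'AUTH_KEY', 'constructed-salt' );
define('JWT_AUTH_SECRET_KEY', 'somesecrethash');
define('JWT_AUTH_CORS_ENABLE', true);
/* That's all, stop editing! Happy publishing. */
require_once ABSPATH . 'wp-settings.php';
"""

if __name__ == "__main__":
    for name, cfg in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, late_defines(cfg))
```

To check a real install, pass the contents of its wp-config.php to `late_defines`; an empty list means no JWT_AUTH_* constant is defined after the bootstrap include.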

rickdroio commented 11 months ago

Thanks for sharing! This fixed my api handle too!!!