Closed pilotkid closed 3 years ago
@pilotkid library send request params in body, not in url with x-www-form-urlencoded header could you test your site with this?
Sadly I am getting the same response
Ok. also you could check the responce with GetToken() method Or you could check token/validate endpoint with postman like IsValidJWToken method
Interesting, when I try to validate the token it says that the authorization header was not found. Is that caused by htaccess or something else?
Also Quick side note: The only reason why I am posting the tokens, is because I am planning on changing the secret key after this is resolved
seems that server doesn`t accept Authorization header. May be problem in htaccess, may be in your hosting provider
While I wait to hear back from my hosting provider here is my htaccess file
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
<ifModule mod_headers.c>
Header always add Access-Control-Allow-Origin: "*"
Header always add Access-Control-Allow-Methods "POST, GET, PUT, DELETE, OPTIONS"
Header always add Access-Control-Allow-Headers "Content-Type, Access-Control-Allow-Headers, Authorization, X-Requested-With"
</ifModule>
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteRule . /index.php [L]
RewriteCond %{HTTP:Authorization} ^(.)
RewriteRule ^(.) - [E=HTTP_AUTHORIZATION:%1]
</IfModule>
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
# END WordPress
# Wordfence WAF
<Files ".user.ini">
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order deny,allow
Deny from all
</IfModule>
</Files>
# END Wordfence WAF
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$
RewriteRule ^(.*)$ https://www.shootingsportssoftware.com/$1 [R=301,L]
Has there been any fix or update on this? I am also experiencing this issue, using the same mechanism above. I have also tested with Postman, and am using an Angular request to the server which sends a valid token.
Not that I know of. I ended up giving up. But thinking about it again I wonder if wordfence is interfering. Are you also running wordfence? On Wed, Mar 20, 2019 at 11:01 AM DSMTurboAWD notifications@github.com wrote:
Has there been any fix or update on this? I am also experiencing this issue, using the same mechanism above. I have also tested with Postman, and am using an Angular request to the server which sends a valid token.
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/wp-net/WordPressPCL/issues/159#issuecomment-474932099, or mute the thread https://github.com/notifications/unsubscribe-auth/AGFuhc7kbxQVRyQkqfB8lX7VyUVgHn4oks5vYmltgaJpZM4af3AS .
-- Sincerely, Marcello A. Bachechi
If this was my production server, then I certainly would be, but this is done on a AMPPS install of WordPress that I use for testing. I do have the htaccess, CORS and all those configurations set correctly, as confirmed by PostMan, and my calls using Angular. I was hoping it was a simple easy fix, as I like the idea of this package, as it would make an easy access controlled content viewer, if I could get it to work.
I wish I could remember the url for the original documentation, but I found a reference to this issue, claiming, I think, that the required lines in the .htaccess needed to be near or at the top.. prior to this adjustment, I was getting the same result you are, afterwards it works. The start of my .htaccess file looks like this:
RewriteEngine On RewriteCond %{HTTP:Authorization} ^(.) RewriteRule ^(.) - [E=HTTP_AUTHORIZATION:%1] SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1 RewriteBase / RewriteRule ^index.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L]
RewriteCond %{HTTP_HOST} ^xxx-a-domain.com [NC] RewriteCond %{SERVER_PORT} 80 RewriteRule ^(.*)$ https://www.xxx-a-domain.com/$1 [R,L]
RewriteCond %{HTTP:Authorization} ^(.) RewriteRule ^(.) - [E=HTTP_AUTHORIZATION:%1] SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
Your comment helped me to solve the issue. Thanks a lot.
I’m closing this issue because it has been inactive for a while. Please feel free to reopen if you still encounter this issue. Thanks!
Hello all, I am trying to authenticate using JWT however, is valid is always returning false.
When I use Postman or CURL to make the request it returns a valid token