Wordpress JWT Authetication Plugin

ketchalegend

Due to the fact that the wordpress App is running on ngnix, i cant get the JWT Auth plugin to work even after i edited the .htaccess and added following
rewriteCond %{HTTP:Authorization} ^(.)
RewriteRule ^(.) - [E=HTTP_AUTHORIZATION:%1]
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1

I still get {"code":"rest_no_route","message":"No route was found matching the URL and request method","data":{"status":404}} when trying to access this url: websiteurl/wp-json/jwt-auth/v1/token

Is it possible to make some changes to the ngnix sites-enabled default file? Or how can i solve this issue.

thanks

girish

@ketchalegend FWIW, the wordpress app runs on apache and not nginx. nginx is only the reverse proxy at the cloudron level but wordpress itself is served by apache mod-php.

Lonkle

Go to the Permalinks Settings Page and you don’t even need to change anything, just hit Save on that page. That helps with URL since it flushes rewrite rules that JWT may have made and thus the rewrite rules need to be recreated.

ketchalegend

@ketchalegend said in Wordpress JWT Authetication Plugin:

RewriteRule ^(.) - [E=HTTP_AUTHORIZATION:%1]

so you mean i dont have to make any changes to the htaccess file?

ketchalegend

This post is deleted!

ketchalegend

@girish is the HTTP Authorization Header deactivated?

girish

@ketchalegend When you add the rewrite rule, be sure to add it before the [L] rule which WordPress generated. This is because [L] means last and further rules are not processed.

Can you paste your entire htaccess file?

Also, how are you testing the plugin? I can try it out but I don't know how to test it.

girish

What I mean is, it has to look something like this:

# BEGIN WordPress
# The directives (lines) between "BEGIN WordPress" and "END WordPress" are
# dynamically generated, and should only be modified via WordPress filters.
# Any changes to the directives between these markers will be overwritten.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /

# Handle Authorization Header
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress

Like I said, I don't know how to test this

ketchalegend

@girish Once you have installed the plugin and made the changes you have to check out this url : https://yourdomain.com/wp-json/jwt-auth/v1/token
if its correctly configured it should work. If not you get the 404 error

girish

@ketchalegend I see. With the above htaccess, I got

curl -X POST -H "Authorization: Bearer 1234567890" https://wp.domain.com/wp-json/jwt-auth/token
{"success":false,"statusCode":403,"code":"jwt_auth_invalid_token","message":"Wrong number of segments","data":[]}

So looks like the route is working.