After setup the plugin I got this error message
{
? ? “success”: false,
? ? “statusCode”: 500,
? “code”: “jwt_auth_bad_config”,
? ? “message”: “JWT is not configured properly.”,
? ? “data”: []
}
my .htacess looks like
php_value memory_limit 256M
php_value max_input_vars 10000
RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(.)
RewriteRule ^(.) – [E=HTTP_AUTHORIZATION:%1]
SetEnvIf Authorization “(.*)” HTTP_AUTHORIZATION=$1
RewriteBase /
RewriteRule ^index.php$ – [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
and in wp_config.php
this 2 lines also inside.
/** Absolute path to the WordPress directory. /
if ( ! defined( ‘ABSPATH’ ) ) {
define( ‘ABSPATH’, dirname( FILE ) . ‘/’ );
}
define( ‘JWT_AUTH_SECRET_KEY’, ‘my-top-secret-key’ );
define( ‘JWT_AUTH_CORS_ENABLE’, true);
/** Sets up WordPress vars and included files. */
require_once( ABSPATH . ‘wp-settings.php’ );
Can anyone help me?
BR
Andy
Is there a way to generate token and refresh token without user credentials?
I’m trying to implement a custom login method and I need to generate token and refresh token using user ID.
thanks.
]]>Hi,
I was wondering is it possible on a token refresh to determine if a user has been deleted?
The scenario I was thinking of is if a user was actively logged in and getting valid token refreshes, but then their account has been deleted – can the token validation or endpoint refresh endpoint detect this (i.e distinguish between an expired token and a deleted user?)
Thanks!
]]>Hello @dominic
I have set the token expiration time to two days.
I have faced an issue that once I generated the token successfully, and later every time I tried to re-generate a token I got the message Refresh token is obsolete. Link: https://tinyurl.com/2xk2e2xz
If I tried to use the device parameter with the generate token API. It returns an Invalid refresh token message. Link: https://tinyurl.com/2y2mfben
Can you help me with this issue?
Also FYI, I am facing this issue in a plugin version 3.0.2 in an older version I do not face such an issue.
Thanks
]]>I am trying to login autheticate and creating token but i am getting error “rest_no_route”. please suggest what i am making wrong ?
Please note that version 3.0.2 has been released with some major changes. Please check the section titled “Upgrading to v3” on the plugin page before raising new issues:
]]>There seems to be a conflict between JWT Auth and AutomateWoo. Can this be looked into please?
Thank you.
]]>How to configure this plugin on nginx server?
]]>If a password contains a quotation mark it will pass when logging in via the webpage but fails with JWT.
Happens with both ” and ‘
Hi,
After updating this morning to v2.1.6, our client’s website (hosted on PHP 7.3) was down with the following error:
PHP Fatal error: Composer detected issues in your platform: Your Composer dependencies require a PHP version ">= 7.4.0". You are running 7.3.33. in .../plugins/jwt-auth/vendor/composer/platform_check.php on line 24We’ve fixed it in this case by updating PHP to 7.4, but the readme.txt file still states “Requires PHP: 7.2”. It’s an older site, won’t run on PHP 8 without changes, but I’m hoping it should be fine on 7.4.
A PHP version check needs adding to the plugin’s initialisation before the Composer autoload line, as a failsafe, to prevent it from killing the entire site.
]]>Hi,
I hope you are doing well.
when I am using jwt-auth plugin and tried to login the user I am getting this response
{????"success":?false,????"statusCode":?403,????"code":?"jwt_auth_no_auth_header",????"message":?"Authorization?header?not?found.",????"data":?[]}
when I tried to access only wp-json still I am getting same response
https://app.gemoo.com/share/image-annotation/575074621500428288?codeId=PYxqw2eJV9NKK
please guide me what I am doing wrong I did every thing you suggested in your documentation.
Thanks
Regards
Syed Ali Ahmed
]]>Cannot modify header information – headers already sent by (output started at /var/www/doortodoor/2023/wp-includes/script-loader.php:2838) in /var/www/doortodoor/2023/wp-content/plugins/jwt-auth/class-auth.php on line 98
I looked up the function and it applies to adding CORS support. The problem is that it is sending header information (i.e. header(…)) AFTER the header sent by script-loader.php.
Any idea how to fix this?
The plugins are conflicting when saving the widgets, with WordPress returning the following error:
‘An error has occurred. Cannot read properties of undefined (reading ‘0’)’,
I ran a series of tests, changing the theme and deactivating plugin by plugin, and the error only stops occurring when JWT Auth is deactivated.
Note, I have WordPress on version 6.3
JWT upgrade to -php 8 & 8+ as having conflict with elementor . JWT working fine in PHP7.4 but if we change website into php 8 or 8+ it’ having conflict with elementor and we are able to work on elementor pages.
]]>Hi,
I need to replace normal WordPress username password login method with jwt authentication token. Can I do that? Instead of entering username password just by using jwt authentication token programmatically can I login to the website.
Hi,
it seems that JWT Auth is blocking communication between the site and WPML ATE Server (we tested on staging site).
Our website in IT is multilingual (IT EN DE NL FR) and we can’t publish the content in EN DE NL FR.
Could you please help?
Thanks
A password such as ,;:./?+-_*!”£$%^&() works via wordpress login, but fails with JWT Auth. What’s the solution?
]]>Hey there,
My error log is full of the following:
2023-05-17 17:00:06.313544 [NOTICE] [3919477] [xxx.xx.xxx.xx:xxxxx:HTTP2-1#websitex.com] [STDERR] PHP Warning: Undefined array key "REDIRECT_HTTP_AUTHORIZATION" in /var/www/websitex.com/htdocs/wp-content/plugins/jwt-authentication-for-wp-rest-api/public/class-jwt-auth-public.php on line 225What can I make to stop this error?
Cheers
]]>Hi, I’ve been using your plugin for a few years, and had no problems until yesterday. When I make a call I get this error:
{“success”:false,”statusCode”:403,”code”:”jwt_auth_no_auth_header”,”message”:”Authorization header not found.”,”data”:[]}
I did nothing, but there was an automatic WP core update, from 6.1.1 to 6.2
Your plugin is also updated.
Thanks for any help or suggestion
]]>Suppose a user had a JWT, but they believe it was created in error. How do you invalidate the token?
]]>Hi,
i’m trying to using token authetication from an external application. I log in using wp rest api, use the provided credentials to get token and everything works fine. Now is there a proper way to refresh token without provide login e password each time? I would like user to be able to autologin once it’s registered.
Thanks
Davide
]]>Hello! We are using JWT and have recently started testing a plugin called AI Engine to create a chatbot. It seems with JWT activated, the chatbot plugin does not work and it’s unable to retrieve anything from the API, nor change the settings in the plugin. Here is a video of the issue:
https://www.loom.com/share/78daf4703f6a40b081df59c9b81e2dec
Nothing shows up in the console errors. Do you guys know what’s going on?
Plugin installed:
JWT Auth – WordPress JSON Web Token Authentication
WordPress – 6.11
PHP -7.4.22
we can generate a AUTH Token to the REST api
/wp-json/jwt-auth/v1/token?| POST
and do a API call using POSTMAN JWT Authorisation Bearer | Token
this all works!
However, the same API URLS are still public accessible.
The JWT plugin has not blocked public access to the API .
All REST API should now require AUTH access.
I can provide access to the server if required
Hi developers, this is an excellent plugin and good work!
I have a concern whether this plugin allows unlimited attempts to generate bearer tokens… implication being that if it so, it opens the doors wide open for a bruteforce attack.
Please let me know it is the case and how can I limit number of available attempts to generate jwt token
Thanks
]]>Recent update to Elementor 3.8.1 has caused a conflict with JWT Auth 2.1.3, that is preventing any updates via elementor. Elementor edit window gets stuck on loading and their support has directed me to contact JWT Auth support since the issue is isolated to this plugin. Can you please assist?
Thanks!
]]>This plugin is breaking WP Cron for Siteground hosting. How can we whitelist WP Cron?
]]>Greetings,
Since WP Engine no longer supports htaccess on their platform, would you happen to have an Nginx version of this rule?
“SetEnvIf Authorization “(.*)” HTTP_AUTHORIZATION=$1″
Thank you!
]]>I am using wpackagist to manage plugins and themes, because this plugin includes a .gitignore in the trunk, composer is excluding the vendor directory. Can the .gitignore be removed from the deployed files?
]]>Hi,
I need to know if this plugin will be back to WordPress store or no, because I have critical notifications about this plugin from Wordfence scan.
This is the message “Plugin removed from WordPress Store”
Thanks
]]>Hi,
we have an issue after updateing site at php8.0.x
in details in a wordpress installation with only woocommerce, elementor (PRO) and jwt-auth the elementor gui editior is not loading with this error on log:
PHP Fatal error: Uncaught TypeError: Cannot access offset of type string on string in /evolutiontravel.community/ita/wp-content/plugins/woocommerce/src/Admin/API/Reports/PerformanceIndicators/Controller.php:150
Stack trace:
#0 /evolutiontravel.community/ita/wp-content/plugins/woocommerce/src/Admin/API/Reports/PerformanceIndicators/Controller.php(271): Automattic\WooCommerce\Admin\API\Reports\PerformanceIndicators\Controller->get_analytics_report_data()
#1 /evolutiontravel.community/ita/wp-content/plugins/woocommerce/src/Admin/API/Reports/PerformanceIndicators/Controller.php(652): Automattic\WooCommerce\Admin\API\Reports\PerformanceIndicators\Controller->get_indicator_data()
#2 /evolutiontravel.community/ita/wp-content/plugins/woocommerce/src/Admin/API/Reports/PerformanceIndicators/Controller.php(97): Automattic\WooCommerce\Admin\API\Reports\PerformanceIndicators\Controller->get_collection_params()
#3 /evolutiontravel.community/ita/wp-content/plugins/woocommerce/src/Admin/API/Init.php(127): Automattic\WooCommerce\Admin\API\Reports\PerformanceIndicators\Controller->register_routes()
#4 /evolutiontravel.community/ita/wp-includes/class-wp-hook.php(307): Automattic\WooCommerce\Admin\API\Init->rest_api_init()
#5 /evolutiontravel.community/ita/wp-includes/class-wp-hook.php(331): WP_Hook->apply_filters()
#6 /evolutiontravel.community/ita/wp-includes/plugin.php(476): WP_Hook->do_action()
#7 /evolutiontravel.community/ita/wp-includes/rest-api.php(561): do_action()
#8 /evolutiontravel.community/ita/wp-includes/rest-api.php(387): rest_get_server()
#9 /evolutiontravel.community/ita/wp-includes/class-wp-hook.php(307): rest_api_loaded()
#10 /evolutiontravel.community/ita/wp-includes/class-wp-hook.php(331): WP_Hook->apply_filters()
#11 /evolutiontravel.community/ita/wp-includes/plugin.php(524): WP_Hook->do_action()
#12 /evolutiontravel.community/ita/wp-includes/class-wp.php(398): do_action_ref_array()
#13 /evolutiontravel.community/ita/wp-includes/class-wp.php(770): WP->parse_request()
#14 /evolutiontravel.community/ita/wp-includes/functions.php(1330): WP->main()
#15 /evolutiontravel.community/ita/wp-blog-header.php(16): wp()
#16 /evolutiontravel.community/ita/index.php(17): require(‘…’)
#17 {main}
thrown in /evolutiontravel.community/ita/wp-content/plugins/woocommerce/src/Admin/API/Reports/PerformanceIndicators/Controller.php on line 150`
Disabling jwt-auth the etitor works again.
You get this issue by useing php8.0.x, with php7.4 we don’t have problems.