We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Due to stringent business requirements, the whole WordPress instance is protected by HTTP basic authentication on Nginx:
auth_basic "Restricted access | VHOST HTTP AUTH"; auth_basic_user_file /var/.../httpauth;
This conflicts with the module, since both Nginx and JWT expect an Authorization header:
Authorization
authorization: Basic xxxx
authorization: Bearer yyy
I tried to use both the HTTP basic credentials AND the Bearer:
curl -I -v --USER "<nginx-name>:<nginx-pass>" 'https://<domain>/wp-json/wp/v2/posts' -H 'Authorization: Bearer <jwt-token>'
or
curl -I -v 'https://<nginx-name>:<nginx-pass>@<domain>/wp-json/wp/v2/posts' -H 'Authorization: Bearer <jwt-token>'
Both hit a 403 because the Bearer gets priority over HTTP basic credentials, so the request cannot authenticate and Nginx stop it immediately.
As a workaround, I disabled the HTTP basic auth when the request originates from a know origin:
satisfy any; ## skip auth from loopback allow 127.0.0.1; ## skip auth from LAN allow 10.0.0.0/8; allow 172.16.0.0/12; allow 192.168.0.0/16; .... ## Auth auth_basic "Restricted access | VHOST HTTP AUTH"; auth_basic_user_file /var/.../httpauth;
Another idea ( https://stackoverflow.com/a/50971162/1204976 ) would be to pass the token with a different parameter and re-map it via php-fpm:
proxy_set_header Authorization $http_x_api_token;
But, again, I would really like to skip any of this.
Have a look at how WooCommerce uses specialized header: https://woocommerce.github.io/woocommerce-rest-api-docs/#authentication. The module could read the token from a different header first (x-api-jwt-token: xxxx, for example) , then switch to the current behavior if it's not set.
x-api-jwt-token: xxxx
The text was updated successfully, but these errors were encountered:
No branches or pull requests
Prerequisites
Issue
Due to stringent business requirements, the whole WordPress instance is protected by HTTP basic authentication on Nginx:
This conflicts with the module, since both Nginx and JWT expect an
Authorizationheader:authorization: Basic xxxxauthorization: Bearer yyyI tried to use both the HTTP basic credentials AND the Bearer:
or
Both hit a 403 because the Bearer gets priority over HTTP basic credentials, so the request cannot authenticate and Nginx stop it immediately.
Workaround
As a workaround, I disabled the HTTP basic auth when the request originates from a know origin:
Another idea ( https://stackoverflow.com/a/50971162/1204976 ) would be to pass the token with a different parameter and re-map it via php-fpm:
But, again, I would really like to skip any of this.
Suggested action
Have a look at how WooCommerce uses specialized header: https://woocommerce.github.io/woocommerce-rest-api-docs/#authentication. The module could read the token from a different header first (
x-api-jwt-token: xxxx, for example) , then switch to the current behavior if it's not set.The text was updated successfully, but these errors were encountered: