I want to authenticate against both:
- the WooCommerce consumer key, for system queries and
- JSON Web Tokens (JWT), for user queries
I have installed JWT Authentication for WP REST API. But after activating the plugin, previously working queries (that use the WooCommerce consumer key for authentication) fail with:
{'code': 'jwt_auth_bad_auth_header',
'data': {'status': 403},
'message': 'Authorization header malformed.'}
How can I configure WordPress / the JWT plugin so that they succeed?
2 Answers
Yes this is possible by structuring your requests appropriately.
For system requests use OAuth 1.0 (consumer key as before), but encode it to include the OAuth credentials in the URL not in the headers. Having the OAuth credentials in the Authorisation header triggers the JWT error.
GET https://DOMAIN/wp-json/wc/v1/subscriptions
* Authorization: `OAuth 1.0`
* Consumer key: FILLED IN
* Consumer secret: FILLED IN
* Other fields: blank
* Headers: blank
* Body: blank
To request a token (for a user-based query), you don’t use authorization, you include the user credentials in the body:
POST https://DOMAIN/wp-json/jwt-auth/v1/token
* Authorization: `No Auth`
* Headers: blank
* Body: `form-data`
* key: username, value: test
* key: password, value: test
Once you have the token, you can add it to the Authentication header per JWT requirements.
To test these queries, it’s easiest to use a dedicated tool like httpie or Postman.
Reference: https://github.com/Tmeister/wp-api-jwt-auth/issues/87
