12

I'm trying to set up JSON Web Tokens to communicate with my PHP backend from a mobile app. I can request a token just fine. When I need to validate it (or make a request to another endpoint), I set up the Authorization header with the following format:

Bearer <token here>

But for some reason on my backend, $_SERVER['HTTP_AUTHORIZATION'] is not set.

I'm on localhost using Mamp Pro with PHP7. This is a dump for my $_SERVER array:

Array
(
    [SERVER_SOFTWARE] => Apache
    [REQUEST_URI] => /wp-json/jwt-auth/v1/token/validate/
    [REDIRECT_STATUS] => 200
    [HTTP_HOST] => localhost.dev
    [CONTENT_TYPE] => application/x-www-form-urlencoded
    [CONTENT_LENGTH] => 54
    [HTTP_CONNECTION] => keep-alive
    [HTTP_ACCEPT] => */*
    [HTTP_USER_AGENT] => CocoaRestClient/15 CFNetwork/760.2.6 Darwin/15.3.0 (x86_64)
    [HTTP_ACCEPT_LANGUAGE] => en-us
    [HTTP_ACCEPT_ENCODING] => gzip, deflate
    [PATH] => /usr/bin:/bin:/usr/sbin:/sbin
    [SERVER_SIGNATURE] => 
    [SERVER_NAME] => cloud.iblue.eu
    [SERVER_ADDR] => ::1
    [SERVER_PORT] => 80
    [REMOTE_ADDR] => ::1
    [DOCUMENT_ROOT] => /Applications/MAMP/htdocs/dev
    [SERVER_ADMIN] => you@example.com
    [SCRIPT_FILENAME] => /Applications/MAMP/htdocs/dev/index.php
    [REMOTE_PORT] => 51804
    [REDIRECT_URL] => /wp-json/jwt-auth/v1/token/validate/
    [GATEWAY_INTERFACE] => CGI/1.1
    [SERVER_PROTOCOL] => HTTP/1.1
    [REQUEST_METHOD] => POST
    [QUERY_STRING] => 
    [SCRIPT_NAME] => /index.php
    [PHP_SELF] => /index.php
    [REQUEST_TIME_FLOAT] => 1459177711.33
    [REQUEST_TIME] => 1459177711
    [argv] => Array
        (
        )

    [argc] => 0
)

When I'm trying to use HTTP Basic authentication with Basic dGVzdEB0ZXN0LmNvbToxMjM0NQ== as the authorization header, it works fine:

[PHP_AUTH_USER] => test@test.com
[PHP_AUTH_PW] => 12345

Any idea what's wrong?

passatgt
  • I had to write `RewriteCond %{HTTP:Authorization} .+ RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]` in my .htaccess to make Apache set the authorization header. You could try that. – Charlotte Dunois Mar 28 '16 at 15:15
  • Thanks, I tried that (following the instructions on https://github.com/Tmeister/wp-api-jwt-auth), sadly it's still not working :( – passatgt Mar 28 '16 at 15:21

3 Answers

15

OK, I just found the answer here: https://devhacksandgoodies.wordpress.com/2014/06/27/apache-pass-authorization-header-to-phps-_serverhttp_authorization/

So I added the following line to my .htaccess file and it fixed my issue:

SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
passatgt
1

If you use Mamp PRO I found out that you can just add lines in their config editor.

KitAndKat
0

I just had this problem (same plugin!), and solved it by editing the validation function:

// in public/class-jwt-auth-plugin.php
// Check for auth in raw headers without $_SERVER variable (Apache Server).
if ( !$auth && function_exists('getallheaders') ) {
    $headers = getallheaders();
    $auth = isset($headers['Authorization'])
        ? $headers['Authorization'] : false;
}

Although I'm not a PHP expert, I don't see why this code can't be included in the plugin to start with.

Elliott Beach
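A header lookup that covers the cases raised in this thread, as an added example that is not code from any of the posts or from the plugin. It checks `HTTP_AUTHORIZATION`, then the `REDIRECT_`-prefixed copy Apache creates when a variable set in .htaccess passes through an internal redirect (the dump in the question shows `REDIRECT_STATUS` and `REDIRECT_URL`), then the raw headers with a case-insensitive name match. The function names and sample arrays are assumptions constructed for illustration.

```php
<?php
// Added example; function names are hypothetical, not part of the plugin.

/** Return the raw Authorization header value, or null if none reached PHP. */
function find_authorization_header(array $server, ?array $headers = null): ?string
{
    // HTTP_AUTHORIZATION: normal case, or set by the SetEnvIf / RewriteRule E= lines.
    // REDIRECT_HTTP_AUTHORIZATION: same variable after an internal redirect.
    foreach (['HTTP_AUTHORIZATION', 'REDIRECT_HTTP_AUTHORIZATION'] as $key) {
        if (!empty($server[$key])) {
            return trim($server[$key]);
        }
    }
    // Fall back to the raw request headers where the SAPI provides them.
    if ($headers === null && function_exists('getallheaders')) {
        $headers = getallheaders();
    }
    // Header names are case-insensitive, so do not index by 'Authorization' directly.
    foreach ($headers ?: [] as $name => $value) {
        if (strcasecmp($name, 'Authorization') === 0) {
            return trim($value);
        }
    }
    return null;
}

/** Extract the token from "Bearer <token>"; reject other schemes and malformed values. */
function extract_bearer_token(?string $header): ?string
{
    if ($header === null) {
        return null;
    }
    // JWT compact form: three base64url segments separated by dots.
    // This only checks the shape; the signature must still be verified afterwards.
    $jwt = '[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+';
    if (preg_match('/^Bearer\s+(' . $jwt . ')$/i', $header, $m)) {
        return $m[1];
    }
    return null;
}

// Constructed sample inputs (not real tokens).
$redirected = ['REDIRECT_HTTP_AUTHORIZATION' => 'Bearer aaa.bbb.ccc'];
$lowercase  = ['authorization' => 'Bearer aaa.bbb.ccc'];
$basic      = ['HTTP_AUTHORIZATION' => 'Basic dGVzdEB0ZXN0LmNvbToxMjM0NQ=='];

var_dump(extract_bearer_token(find_authorization_header($redirected, [])));
var_dump(extract_bearer_token(find_authorization_header([], $lowercase)));
var_dump(extract_bearer_token(find_authorization_header($basic, [])));
var_dump(extract_bearer_token(find_authorization_header([], [])));
```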