Can I authenticate with both WooCommerce consumer key and JWT?

I want to authenticate against both:

  • the WooCommerce consumer key, for system queries and
  • JSON Web Tokens (JWT), for user queries

I have installed JWT Authentication for WP REST API. But after activating the plugin, previously working queries (that use the WooCommerce consumer key for authentication) fail with:

{'code': 'jwt_auth_bad_auth_header',
 'data': {'status': 403},
 'message': 'Authorization header malformed.'}

How can I configure WordPress / the JWT plugin so that they succeed?

Answers:

Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.

Method 1

Yes this is possible by structuring your requests appropriately.

For system requests use OAuth 1.0 (consumer key as before), but encode it to include the OAuth credentials in the URL not in the headers. Having the OAuth credentials in the Authorisation header triggers the JWT error.

GET https://DOMAIN/wp-json/wc/v1/subscriptions
* Authorization: `OAuth 1.0`
  * Consumer key: FILLED IN
  * Consumer secret: FILLED IN
  * Other fields: blank
* Headers: blank
* Body: blank

To request a token (for a user-based query), you don’t use authorization, you include the user credentials in the body:
POST https://DOMAIN/wp-json/jwt-auth/v1/token
* Authorization: `No Auth`
* Headers: blank
* Body: `form-data`
  * key: username, value: test
  * key: password, value: test

Once you have the token, you can add it to the Authentication header per JWT requirements.

To test these queries, it’s easiest to use a dedicated tool like httpie or Postman.

Reference: https://github.com/Tmeister/wp-api-jwt-auth/issues/87

Method 2

I have faced the same issue. Jwt Authentication for wp api and woocommerce api not working along with in ionic3 and woocommerce.
I have figured out the issue and done the following

Go to -> plugins/jwt-authentication-for-wp-rest-api/includes/class-jwt-auth.php

search for the function define_public_hooks() and comment last two lines

private function define_public_hooks()
{
    $plugin_public = new Jwt_Auth_Public($this->get_plugin_name(), $this->get_version());
    $this->loader->add_action('rest_api_init', $plugin_public, 'add_api_routes');
    $this->loader->add_filter('rest_api_init', $plugin_public, 'add_cors_support');
    //$this->loader->add_filter('determine_current_user', $plugin_public, 'determine_current_user', 10);
    //$this->loader->add_filter( 'rest_pre_dispatch', $plugin_public, 'rest_pre_dispatch', 10, 2 );
}

Thanks, enjoy.


All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0

0 0 votes
Article Rating
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments