Site icon Code Solution

Can I authenticate with both WooCommerce consumer key and JWT?

The question:

I want to authenticate against both:

  • the WooCommerce consumer key, for system queries and
  • JSON Web Tokens (JWT), for user queries

I have installed JWT Authentication for WP REST API. But after activating the plugin, previously working queries (that use the WooCommerce consumer key for authentication) fail with:

{'code': 'jwt_auth_bad_auth_header',
 'data': {'status': 403},
 'message': 'Authorization header malformed.'}

How can I configure WordPress / the JWT plugin so that they succeed?

The Solutions:

Below are the methods you can try. The first solution is probably the best. Try others if the first one doesn’t work. Senior developers aren’t just copying/pasting – they read the methods carefully & apply them wisely to each case.

Method 1

Yes this is possible by structuring your requests appropriately.

For system requests use OAuth 1.0 (consumer key as before), but encode it to include the OAuth credentials in the URL not in the headers. Having the OAuth credentials in the Authorisation header triggers the JWT error.

GET https://DOMAIN/wp-json/wc/v1/subscriptions
* Authorization: `OAuth 1.0`
  * Consumer key: FILLED IN
  * Consumer secret: FILLED IN
  * Other fields: blank
* Headers: blank
* Body: blank

To request a token (for a user-based query), you don’t use authorization, you include the user credentials in the body:

POST https://DOMAIN/wp-json/jwt-auth/v1/token
* Authorization: `No Auth`
* Headers: blank
* Body: `form-data`
  * key: username, value: test
  * key: password, value: test

Once you have the token, you can add it to the Authentication header per JWT requirements.

To test these queries, it’s easiest to use a dedicated tool like httpie or Postman.


Method 2

I have faced the same issue. Jwt Authentication for wp api and woocommerce api not working along with in ionic3 and woocommerce.
I have figured out the issue and done the following

Go to -> plugins/jwt-authentication-for-wp-rest-api/includes/class-jwt-auth.php

search for the function define_public_hooks() and comment last two lines

private function define_public_hooks()
    $plugin_public = new Jwt_Auth_Public($this->get_plugin_name(), $this->get_version());
    $this->loader->add_action('rest_api_init', $plugin_public, 'add_api_routes');
    $this->loader->add_filter('rest_api_init', $plugin_public, 'add_cors_support');
    //$this->loader->add_filter('determine_current_user', $plugin_public, 'determine_current_user', 10);
    //$this->loader->add_filter( 'rest_pre_dispatch', $plugin_public, 'rest_pre_dispatch', 10, 2 );

Thanks, enjoy.

All methods was sourced from or, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0

Exit mobile version