Can I authenticate with both WooCommerce consumer key and JWT?

I want to authenticate against both:

  • the WooCommerce consumer key, for system queries and
  • JSON Web Tokens (JWT), for user queries

I have installed JWT Authentication for WP REST API. But after activating the plugin, previously working queries (that use the WooCommerce consumer key for authentication) fail with:

{'code': 'jwt_auth_bad_auth_header',
 'data': {'status': 403},
 'message': 'Authorization header malformed.'}

How can I configure WordPress / the JWT plugin so that they succeed?

Here is Solutions:

We have many solutions to this problem, But we recommend you to use the first solution because it is tested & true solution that will 100% work for you.

Solution 1

Yes this is possible by structuring your requests appropriately.

For system requests use OAuth 1.0 (consumer key as before), but encode it to include the OAuth credentials in the URL not in the headers. Having the OAuth credentials in the Authorisation header triggers the JWT error.

GET https://DOMAIN/wp-json/wc/v1/subscriptions
* Authorization: `OAuth 1.0`
  * Consumer key: FILLED IN
  * Consumer secret: FILLED IN
  * Other fields: blank
* Headers: blank
* Body: blank

To request a token (for a user-based query), you don’t use authorization, you include the user credentials in the body:

POST https://DOMAIN/wp-json/jwt-auth/v1/token
* Authorization: `No Auth`
* Headers: blank
* Body: `form-data`
  * key: username, value: test
  * key: password, value: test

Once you have the token, you can add it to the Authentication header per JWT requirements.

To test these queries, it’s easiest to use a dedicated tool like httpie or Postman.


Solution 2

I have faced the same issue. Jwt Authentication for wp api and woocommerce api not working along with in ionic3 and woocommerce.
I have figured out the issue and done the following

Go to -> plugins/jwt-authentication-for-wp-rest-api/includes/class-jwt-auth.php

search for the function define_public_hooks() and comment last two lines

private function define_public_hooks()
    $plugin_public = new Jwt_Auth_Public($this->get_plugin_name(), $this->get_version());
    $this->loader->add_action('rest_api_init', $plugin_public, 'add_api_routes');
    $this->loader->add_filter('rest_api_init', $plugin_public, 'add_cors_support');
    //$this->loader->add_filter('determine_current_user', $plugin_public, 'determine_current_user', 10);
    //$this->loader->add_filter( 'rest_pre_dispatch', $plugin_public, 'rest_pre_dispatch', 10, 2 );

Thanks, enjoy.

Note: Use and implement solution 1 because this method fully tested our system.
Thank you 🙂

All methods was sourced from or, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0

Leave a Reply