|
amcfamily
|
June 3, 2020 at 8:10 am
We’ve been using the Event Espresso app for a few years, but recently ran into trouble. When a user tries to log in (on Android or iPhone) it returns a “authorization header malformed” error and returns to the login page. The same user information can log the user into the web site fine. We’re using basic authentication and have the .htaccess “SetEnvIf Authorization “(.*)” HTTP_AUTHORIZATION=$1″ line set properly. We’re also using WPEngine. This was working, and I’m not sure where to start checking for what might have changed. Any thoughts as to where to start looking?
|
|
Tony
|
June 3, 2020 at 8:32 am
Hi there,
Looking over your site it looks like you may have this plugin activated:
https://wordpress.org/plugins/jwt-authentication-for-wp-rest-api/
Looking over the support threads there are a couple of threads showing this error when using basic auth which is very likely to be related to this issue.
https://wordpress.org/support/topic/error-authorization-header-malformed-jwt_auth_bad_auth_header/
https://wordpress.org/support/topic/fix-basic-authentication-jwt_auth_bad_auth_header-error/
If you disable the above plugin, does the app work as expected then?
|
|
amcfamily
|
June 3, 2020 at 8:44 am
Hi Tony, thanks for the quick response! Yes, disabling that plugin seems to allow the app to authenticate. It’s not a long-term solution, however, as we need to use the JWT authentication plugin for a different mobile app in the near future. Do you know if the “Application Passwords” method of authenticating with the Event Espresso app would bypass this problem?
|
|
Tony
|
June 3, 2020 at 9:11 am
No, I don’t think it would as it’s still using basic auth.
The JWT Auth plugin needs to fix this as it is currently hijacking all requests even those not using JWT / Bearer Tokens.
|
|
amcfamily
|
June 3, 2020 at 9:26 am
Got it, thanks!
|
