JWT Authentication for WP REST API

Hello DevKinsta Community,

I’m having an issue with JWT authentication for the WP REST API in a local development environment set up through DevKinsta. I am using the WPGraphQL plugin and trying to make several GraphQL requests from a local Node.js app. The requests work correctly in the internal WPGraphQL IDE but fail when made from the Node.js app. I suspect this is due to the authentication headers not being passed correctly in the request.

When making the request, the response I receive is full of null values, as if the request is not authenticated, though the token used has admin permissions and works correctly when used in the internal WPGraphQL IDE. I have tried using both the fetch and axios libraries for making requests but encounter the same issue with both.

After some research, I came to the conclusion that I need to set the following in my Nginx configuration to enable the Authorization header:

proxy_set_header Authorization $http_authorization;
proxy_pass_header  Authorization;

However, when adding these to the server block for my site in the <my-site-name>.conf file, I still encounter the same issue.

Has anyone encountered a similar issue or can provide any guidance on how to correctly pass the Authorization header in requests made from a Node.js app to a WordPress site hosted through DevKinsta?

Hi @ruzicic and welcome to Kinsta Community!
I’ve no experience with it, but I wonder if Nginx is hiding the header :thinking: does adding the following line make any difference?

fastcgi_pass_header Authorization;

Regards,
Alessandro

Thanks for throwing ideas, @Alessandro !

Tested - it didn’t help.

All I have to work with are these null fields. Wondering if there’s an easy way to debug into this, as it could be so many different things. Feels like a long journey, as I started going through docker containers behind DevKinsta :joy:

Maybe I should reach out to Kinsta support, as I have the same issue in production. :thinking:

Heya there @ruzicic :wave:

Thank you for your reply and update.
I don’t have experience with it either :sweat_smile: and as far as I could see, that header:

fastcgi_pass_header Authorization;

seems to be used by the jwt-auth plugin as well as mentioned here - and it was also suggested here (which seems to be equivalent to the .htaccess rule mentioned in the "JWT Authentication for WP REST API" plugin’s description/doc)

but you tested it already and it didn’t help :thinking:

I also tried to search further and found this custom NGINX rule.
Though I’m not sure if that would work properly as expected, maybe you can give it a try and test on your local computer again?

On your initial post, you mentioned:

When making the request, the response I receive is full of null values, as if the request is not authenticated, though the token used has admin permissions and works correctly when used in the internal WPGraphQL IDE.

I’m not quite sure what exact request command you tried there, or what actual messages/values were returned.
I would suggest you check the file yoursitename_access.log (inside the ~/DevKinsta/logs subfolder) and try tailing that log file while you’re making the request, to see if anything is logged in there (and perhaps check and compare the entries, both when you’re making the requests from the WPGraphQL IDE, where they work correctly, and when making the same requests from your local Node.js app)?

Maybe I should reach out to Kinsta support, as I have the same issue in production.

If it’s still not working as expected, we would recommend reaching out to the plugin’s support team - in case they can suggest the correct NGINX rule to be set up, so that our support team can also try to apply the same required custom NGINX rule on the server side and see if that helps to solve the issue on your production site.

Regards,
Agus
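
One way to rule out the client side of the question in this thread, as an added example that is not code from any poster, Kinsta or the plugin: point the Node.js request at a throwaway local server and inspect the headers that actually arrive. It assumes Node.js 18+ (global `fetch`) and a `Bearer` scheme; the token, the query and all function names are constructed for illustration.

```javascript
// Added diagnostic, not from the thread. Assumes Node.js 18+ (global fetch).
// TOKEN and the query below are constructed placeholders, not real values.
const TOKEN = 'constructed.jwt.placeholder';

// Start a throwaway server on 127.0.0.1, let `send(url)` make one request to
// it, and resolve with the method, headers and body that actually arrived.
async function captureRequest(send) {
  const http = await import('node:http');
  let seen = null;
  const server = http.createServer((req, res) => {
    let body = '';
    req.on('data', (chunk) => { body += chunk; });
    req.on('end', () => {
      seen = { method: req.method, headers: req.headers, body };
      res.setHeader('Connection', 'close'); // no keep-alive, so close() is prompt
      res.end('{"data":null}');
    });
  });
  await new Promise((resolve) => server.listen(0, '127.0.0.1', resolve));
  try {
    await send(`http://127.0.0.1:${server.address().port}/graphql`);
  } finally {
    server.close();
  }
  return seen;
}

// Compare what arrived with what the client meant to send.
function findProblems(seen, expectedToken) {
  if (!seen) return ['no request reached the test server'];
  const problems = [];
  const auth = seen.headers.authorization; // Node lower-cases header names
  if (auth === undefined) problems.push('Authorization header missing');
  else if (!auth.startsWith('Bearer ')) problems.push('scheme is not "Bearer "');
  else if (auth.slice(7) !== expectedToken) problems.push('token altered or truncated');
  const type = seen.headers['content-type'] || '';
  if (!type.startsWith('application/json')) problems.push('Content-Type is not application/json');
  if (seen.method !== 'POST') problems.push('method is not POST');
  return problems;
}

// The call under test: swap this body for the app's own fetch/axios call.
function sendGraphQL(url, token = TOKEN) {
  return fetch(url, {
    method: 'POST',
    headers: { 'Content-Type': 'application/json', Authorization: `Bearer ${token}` },
    body: JSON.stringify({ query: '{ viewer { name } }' }),
  });
}
const diagnose = async (send = sendGraphQL) => findProblems(await captureRequest(send), TOKEN);
```

An empty list from `diagnose()` means the request leaves the Node.js app with the header intact, so the loss happens after that point.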