I had a beautiful time today trying to figure out why JWT authentication was not working in my server.
Surprisingly I found little information about it in the Internet.
I was using Flask locally and the application worked wonderfully. However, when I tried to test the application in a server, I got the following error:
The error message in the server was clear: the access token was not present in the request.
How was it possible? My script to test the API endpoints was sending the Authorization header correctly:
And the headers were being received in the local server:
Unluckily, this time finding the problem was not as easy as googling the error that I received either on the server or on the client side.
After reading some documentation I found out that the authorisation header is not passed through to WSGI applications by default for security reasons.
But the fix is very simple, you just have to use the WSGIPassAuthorization directive:
This is an example of apache configuration file using this directive:
I hope this helps anyone googling these errors or at least helps me not forget about this next time :)