invalid-secret-key | Algorithm not allowed

[ivanrubberduck]

Hi team, when I make a request I receive the below error but I configured the plugin correctly as per the documentation:

Do you have any idea why this is happening?

I am using the latest Grahpql version and the latest JWT auth version as well. I added in my function the below code:

add_filter( 'graphql_jwt_auth_secret_key', function() { return env("AUTH_KEY"); });

And populated the AUTH_KEY from https://api.wordpress.org/secret-key/1.1/salt/

In the headers I am sending the token as per the documentation:

[webdevi121]

Hi @ivanrubberduck

I also have the same issue right now when updating users. Have you found any answers yet?

[ryancheta]

Any updates on this? Anyone?

[andrewgolovanov]

I'm getting the same error

PHP: 8.2
Wordpress: 6.5.3
WPGraphQL: 1.18.1
WPGraphQL JWT Authentication: 0.7.0

[andrewgolovanov]

@webdevi121 @ryancheta

I ended up getting rid of this problem with this solution - #165 (comment)

[ivanrubberduck]

Hey everybody, I managed to fix it the following way:

/**
 * JWT uses a Secret defined on the server to validate the signing of tokens.
 * It's recommended that you use something like the WordPress Salt
 * generator (https://api.wordpress.org/secret-key/1.1/salt/) to generate a Secret.
 */

I added define('GRAPHQL_JWT_AUTH_SECRET_KEY', 'AUTH_KEY'); in my wp-config.php file BUT it is super important to add it above

/** Absolute path to the WordPress directory. */
if ( ! defined( 'ABSPATH' ) ) {
	define( 'ABSPATH', __DIR__ . '/' );
}

Your wp-config.php file should look something like that:

define('GRAPHQL_JWT_AUTH_SECRET_KEY', 'b5$RIQEcU&j{}v$YDsfQ<B,V(IOa=DuSuS?93OP-+A,{o5/<85-(gw(=@8In=x1W');

/** Absolute path to the WordPress directory. */
if ( ! defined( 'ABSPATH' ) ) {
	define( 'ABSPATH', __DIR__ . '/' );
}

/** Sets up WordPress vars and included files. */
require_once ABSPATH . 'wp-settings.php';