JWT Tokens not recognized on AWS Elastic Beanstalk

I came across this issue while moving from a development environment to a near-production environment: I was migrating my Python Flask app from a normal EC2 instance to AWS EB. After deploying the application everything seemed fine, until I started deeper testing of the actual application.

I was constantly getting the following error:

$ curl -k -H "Authorization: Bearer token" http://my-api.elasticbeanstalk.com/api/account/confirmed
{
  "description": "Authorization header was missing",
  "error": "Authorization Required",
  "status_code": 401
}

Finally, after much frustration, Red Bull and pure determination, I found that the authorization headers were not being passed to my application. This is because by default AWS EB’s WSGI configuration has WSGIPassAuthorization set to Off, which means my authorization headers were not being passed at all from the server to the application.

So an easy fix was just to modify /etc/httpd/conf.d/wsgi.conf and add the following in the vhost:

WSGIPassAuthorization On

A quick restart of httpd and now my authenticated API requests are working as expected:

$ curl -k -H "Authorization: Bearer token" http://my-api.elasticbeanstalk.com/api/account/confirmed
{
    "success": 1
}

Please note that modifying the environment on the EC2 instance is not a permanent fix: the change is lost when the instance is replaced or the application is redeployed. You should update your EB configuration files to ensure proper configuration.
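
One way to make the fix permanent, as an added example that is not part of the original post: an `.ebextensions` file in the application bundle that writes the directive into Apache's `conf.d` directory on every deploy. It assumes the Apache/mod_wsgi Python platform described above; the file names `.ebextensions/wsgi_auth.config` and `wsgi_custom.conf` are placeholders chosen here.

```yaml
# .ebextensions/wsgi_auth.config  (file name is an assumption; any *.config works)
#
# Elastic Beanstalk processes this file on each deployment and on every new
# instance, so the setting survives instance replacement and scaling events,
# unlike a manual edit of /etc/httpd/conf.d/wsgi.conf.
files:
  # A separate file in conf.d is loaded by Apache alongside the
  # EB-generated wsgi.conf, so the generated file is left untouched.
  "/etc/httpd/conf.d/wsgi_custom.conf":
    mode: "000644"
    owner: root
    group: root
    content: |
      # mod_wsgi default is Off: the Authorization header is dropped
      # before the request reaches the WSGI application, so the Flask
      # app sees no bearer token and returns 401.
      WSGIPassAuthorization On
```

After deploying, the same `curl` request with the `Authorization: Bearer` header should return the success response instead of the 401.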
