Authorization Test Has Failed

[awsamuel]

hi! I'm on WordPress 6.7.1 with WPEngine as my host. They don't allow use .htaccess anymore and I haven't been able to resolve the "Authorization Test Failed" error.

The WPEngine team made the following effort:

Since .htaccess is no longer read on our platform, we've gone ahead and applied an Nginx variation to what you were looking to apply:

if ($http_authorization ~ "^(.*)"){
set $rule_0 1;
}
if ($rule_0 = "1"){
set $http_authorization %1;
}

But that hasn't changed the result. Any suggestions?

Note that I haven't changed to an indiweb-friendly theme yet (I'm on Divi) because this is my main and very long-running website and switching themes would be a monumental process, so first I'm trying to see how this shakes out on my existing theme.

Thanks in advance for any suggestions on next steps.

[dshanske]

I'm an nginx user. I've never had to do an override. Do they have any security that would filter that header? Happy to talk to them about it.

[awsamuel]

Thanks for your very quick response! Well, I'm officially mystified. My inclination is to ignore the site health warning and see if I can get up and running despite that warning....but if that's hopeless, thanks in advance for warning me off. I'm not sure what my next step would be to get this resolved, though.

[dshanske]

Why don't you try logging into something using IndieAuth? Like Indielogin?

[awsamuel]

brilliant test! and yep, that failed.

OK, this was my second adventure in trying the indieweb approach but I think it's time for me to back away slowly before I fall into a troubleshooting abyss. I think I'm going to revert to Jetpack Social and try Indieweb again when I'm not in my crunch season. Thanks for your efforts at sorting me out!

[awsamuel]

Sadly it's still not working. Any suggested next steps? I'm stumped.

[dshanske]

Do you have what WPEngine told you?

[awsamuel]

WPEngine said...

Since .htaccess is no longer read on our platform, we've gone ahead and applied an Nginx variation to what you were looking to apply:

if ($http_authorization ~ "^(.*)"){
set $rule_0 1;
}
if ($rule_0 = "1"){
set $http_authorization %1;
}

---

Now I think I should acknowledge that if they've done something that looks correct to you, and if you're saying nginx usually is a non-issue, my bet is one of the following:

1. I have missed some incredibly basic step in this whole process (installed indieweb plugins? check. added rel="me" links to headers? check. linked back to my website from my social web accounts? yes, at least for mastodon and bluesky (and note that I just updated mastodon to point too www instead of just /alexandrasamuel because my website is set to redirect everything to www)
2. I have some extension or theme indiosyncracy that conflicts with the indieauth plugin/process. Not sure what that might be, but I have been running this site for 20+ years and even though it's had a few good cleanouts there are a million weird little things. And it's all built in Divi now, which is its own weird little thing.
3. the www vs just /alexandrasamuel.com is causing some issue somewhere

Any thoughts? And thanks so much for your persistence!

[dshanske]

Well, let's run down a few things. What did you set on the IndieAuth settings page?

[awsamuel]

[snapshot here ](https://www.alexandrasamuel.com/wp-content/uploads/2025/01/indieauthsnap.png

Set user to represent site URL (me)
left web sign-in unchecked
left token expiration at 0

[dshanske]

Also, not the only plugin having issues with passing authorization headers... Tmeister/wp-api-jwt-auth#1

[dshanske]

And when you go to https://indielogin.com/ and try to log in using your site...what happens?