400 Bad Request widh Authorization+JWT


We’re having an issue with requests to the server that include an Authorization header with a JWT token. The responses always return as 400 Bad Request.

After searching there was a similar issue, whose solution isn’t an option for us, because it relies on controlling the back-end serving the tokens.

The strange part is that on one of the sub-domains the requests go through without any issue, but they do not on the other. In terms of the target system everything looks the same. We’re searching, but getting out of ideas. If you have any insight that might help, it is much appreciated.


I’m posting for future reference. As it turns out the issue was related to a collision between to auth systems. The site had Basic Auth and rewriting the token to authorize with JWT broke that initial validation by the server. Removing Basic Auth resolved the issue.


1 Like