-
Notifications
You must be signed in to change notification settings - Fork 1.3k
Closed
Description
Ok, so I'm probably missing something, but I figured I might as well ask before I spent too much more time on this.
Here's my routes file.
Route::api( ['version' => 'v1', 'namespace' => 'Api\Controllers', 'protected' => true], function ()
{
// Route Patterns (All ids must be integers, etc...)
Route::pattern('id', '[0-9]+');
// Articles
Route::group( ['scopes' => 'articles.read'], function ()
{
Route::get( '/articles', 'ArticlesController@index' );
Route::get( '/articles/{id}', 'ArticlesController@show' );
Route::get( '/articles/{slug}', 'ArticlesController@showBySlug' );
} );
} );
So I have a very basic route setup here to be protected and tied to the articles.read scope.
I logged in and created an access token with this scope, and then I pass it to the route via an Authorization header in Postman. Doesn't work.
However, if I pass it as POST data with "access_token" it's working and it properly authenticates the request.
Is there something I'm doing incorrectly?
Activity
dannewns commentedon May 19, 2014
I had an issue with this as well, I'm sure I read a blog post or a stack overflow post where someone else had an issue with this header and it turned out symfony was removing them. It wasn't an issue with this Api but a laravel 4 issue I'll see if I can find it.
harhoo commentedon May 21, 2014
Yeah I've just run into this issue. Not sure whether it's Laravel or Apache or PHP that was causing it, but the Authorization header wasn't available. Adding:
To .htaccess fixed it for me.
hskrasek commentedon May 21, 2014
I had the same issue recently, I also had to use that .htaccess fix. Glad I'm not alone, as for why I didn't report it myself.. Uhhh, busy with work and reddit :P
---Hunter Skrasekhunterskrasek@me.com
On May 21, 2014 at 6:38:40 PM CDT, harhoo notifications@github.com wrote:Yeah I've just run into this issue. Not sure whether it's Laravel or Apache or PHP that was causing it, but the Authorization header wasn't available. Adding: RewriteRule ^ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] To .htaccess fixed it for me. —Reply to this email directly or view it on GitHub.
jasonlewis commentedon May 21, 2014
Yeah I've been meaning to add a FAQ section on this as the header is
stripped.
On 22 May 2014 09:18, "Hunter Skrasek" notifications@github.com wrote:
philsturgeon commentedon May 22, 2014
This is related.
thephpleague/oauth2-server@44f51bf
If you're using League then this is fixed. It was fixed in 3.x and 4.x for a while, but the bridge package used here requires 2.1.1, so this 2.1.2 fixes it. :)
kennonb commentedon May 22, 2014
Thanks all. :) Much appreciated.
dud3 commentedon Feb 4, 2015
That helped a lot.
olso commentedon Feb 18, 2015
@harhoo Thank you!
olso commentedon Feb 18, 2015
@jasonlewis This should be added to wiki imho #54 (comment)
tonylegrone commentedon Sep 9, 2015
If I'm not wrong, this issue looks like it's documented here: https://github.com/symfony/HttpFoundation/blob/master/ServerBag.php#L46-L58
It recommends adding a similar rewrite rule and it worked for me.
tulsidaskhatri commentedon Jun 11, 2016
@harhoo I tried your solution but I am still get same authentication issue, I don't get that error if I use php artisan serve, but if I try to access it through apache server I get the authentication error. My .htaccess file in public directory:
Options -MultiViews
I have spent several hours, I will be very thankful if anyone of you can help me get out of this problem.
harhoo commentedon Jun 12, 2016
Move the auth rule up so it's just below RewriteEngine on. The [L] in your other rule means Last, ie stop processing rules after this.