Passing Authorization header in requests #54

Closed
kennonb opened this issue May 17, 2014 · 12 comments

@kennonb

kennonb commented May 17, 2014

Ok, so I'm probably missing something, but I figured I might as well ask before I spent too much more time on this.

Here's my routes file.

Route::api( ['version' => 'v1', 'namespace' => 'Api\Controllers', 'protected' => true], function ()
{
    // Route Patterns (All ids must be integers, etc...)
    Route::pattern('id', '[0-9]+');

    // Articles
    Route::group( ['scopes' => 'articles.read'], function ()
    {
        Route::get( '/articles', 'ArticlesController@index' );
        Route::get( '/articles/{id}', 'ArticlesController@show' );
        Route::get( '/articles/{slug}', 'ArticlesController@showBySlug' );
    } );

} );

So I have a very basic route setup here to be protected and tied to the articles.read scope.

I logged in and created an access token with this scope, and then I pass it to the route via an Authorization header in Postman. Doesn't work.

However, if I pass it as POST data with "access_token" it's working and it properly authenticates the request.

Is there something I'm doing incorrectly?

@dannewns

I had an issue with this as well. I'm sure I read a blog post or a Stack Overflow post where someone else had an issue with this header, and it turned out Symfony was removing them. It wasn't an issue with this API but a Laravel 4 issue; I'll see if I can find it.

@harhoo

harhoo commented May 21, 2014

Yeah I've just run into this issue. Not sure whether it's Laravel or Apache or PHP that was causing it, but the Authorization header wasn't available. Adding:

RewriteRule ^ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

To .htaccess fixed it for me.

@hskrasek
Member

I had the same issue recently, I also had to use that .htaccess fix. Glad I'm not alone, as for why I didn't report it myself.. Uhhh, busy with work and reddit :P


@jasonlewis
Contributor

Yeah I've been meaning to add a FAQ section on this as the header is
stripped.

@philsturgeon

This is related.

thephpleague/oauth2-server@44f51bf

If you're using League then this is fixed. It was fixed in 3.x and 4.x for a while, but the bridge package used here requires 2.1.1, so this 2.1.2 fixes it. :)

@kennonb
Author

kennonb commented May 22, 2014

Thanks all. :) Much appreciated.

@dud3

dud3 commented Feb 4, 2015

That helped a lot.

@olso

olso commented Feb 18, 2015

@harhoo Thank you!

@olso

olso commented Feb 18, 2015

@jasonlewis This should be added to wiki imho #54 (comment)

@tonylegrone

If I'm not wrong, this issue looks like it's documented here: https://github.com/symfony/HttpFoundation/blob/master/ServerBag.php#L46-L58

It recommends adding a similar rewrite rule and it worked for me.
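A diagnostic for the situation discussed in this thread, as an added example that is not part of any comment here and is not code from Symfony, Laravel or the API package: it reports which server variable, if any, delivered the Authorization header to PHP. The function name `find_bearer_token`, the Bearer scheme and the sample token are assumptions made for illustration.

```php
<?php
// Added example (hypothetical helper, not from Symfony/Laravel/the API package).
// Looks for the Authorization header in the places Apache and PHP may leave it
// and reports which one supplied it, without echoing the token itself.

/**
 * @param array $server  $_SERVER-style array
 * @param array $headers result of apache_request_headers(), when that function exists
 * @return array ['source' => ?string, 'token' => ?string]
 */
function find_bearer_token(array $server, array $headers = []): array
{
    $candidates = [
        // Present when the server passes the header through, e.g. via the
        // E=HTTP_AUTHORIZATION rewrite rule quoted in this thread.
        'HTTP_AUTHORIZATION' => $server['HTTP_AUTHORIZATION'] ?? null,
        // Same variable after an internal redirect: Apache adds a REDIRECT_ prefix.
        'REDIRECT_HTTP_AUTHORIZATION' => $server['REDIRECT_HTTP_AUTHORIZATION'] ?? null,
    ];
    // Header names are case-insensitive, so compare without regard to case.
    foreach ($headers as $name => $value) {
        if (strcasecmp((string) $name, 'Authorization') === 0) {
            $candidates['apache_request_headers()'] = $value;
        }
    }
    foreach ($candidates as $source => $value) {
        // Assumes an OAuth 2.0 style "Bearer <token>" value.
        if (is_string($value) && preg_match('/^Bearer\s+(\S+)$/i', trim($value), $m)) {
            return ['source' => $source, 'token' => $m[1]];
        }
    }
    return ['source' => null, 'token' => null];
}

// Constructed sample inputs; the token value is made up.
$samples = [
    'header stripped'         => [[], []],
    'rewrite rule applied'    => [['HTTP_AUTHORIZATION' => 'Bearer abc123'], []],
    'after internal redirect' => [['REDIRECT_HTTP_AUTHORIZATION' => 'Bearer abc123'], []],
    'only via Apache API'     => [[], ['authorization' => 'Bearer abc123']],
];
foreach ($samples as $label => [$server, $headers]) {
    $r = find_bearer_token($server, $headers);
    // Log the source and token length only, never the credential.
    printf("%-24s source=%s length=%d\n", $label, $r['source'] ?? 'none', strlen($r['token'] ?? ''));
}
```

On a live request, call it with `$_SERVER` and, where the function exists, `apache_request_headers()`; a result of `none` under Apache but not under `php artisan serve` points at the web server configuration rather than the application.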

@tulsidaskhatri

tulsidaskhatri commented Jun 11, 2016

@harhoo I tried your solution but I am still getting the same authentication issue. I don't get that error if I use php artisan serve, but if I try to access it through the Apache server I get the authentication error. My .htaccess file in the public directory:


Options -MultiViews

RewriteEngine On

# Redirect Trailing Slashes If Not A Folder...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)/$ /$1 [L,R=301]

# Handle Front Controller...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]

# Handle Authorization Header
RewriteCond %{HTTP:Authorization} ^(.+)$
RewriteRule ^ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

I have spent several hours, I will be very thankful if anyone of you can help me get out of this problem.

@harhoo

harhoo commented Jun 12, 2016

Move the auth rule up so it's just below RewriteEngine On. The [L] in your other rule means Last, i.e. stop processing rules after this.
