Encoding password field for HTTP Basic Auth

Question

I using PHP cURL to communicate with a Rest API. Most of the functionality is carried out using X-Ephemeral-Tokens, but unfortunately they don't allow delete permissions to be given through these, so I am having to implement a function to delete through HTTP Basic Authentication.

The trouble I'm having is that the password for the testing account is a random string, including multiple special characters (double quotation marks being some of them). I got the request working using the normal cURL binary by surrounding the username:password combination in single quotes (i.e. ') but I'm not sure how to convert this to PHP. The relevant snippet is below.

$curl = curl_init();
curl_setopt($curl, CURLOPT_HTTPHEADER, array("Accept: application/json",
                                              "Content-Type: application/json"));
curl_setopt($curl, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($curl, CURLOPT_USERPWD, $uname . ":" . $pass);
curl_setopt($curl, CURLOPT_URL, "https://cloud.ravellosystems.com/api/v1/applications/" . $appid);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl, CURLOPT_CUSTOMREQUEST, "DELETE");
$result = curl_exec($curl);

I've tried various combinations of quotation marks and URL encoding but I still get a response code which indicates the authentication isn't working right.

This is and exmaple HTTP request based on what the API documentation shows for using normal cURL (amended slightly)

curl -v -X DELETE -H "Content-Type: application/json" -H "Accept: application/json" --user [email protected]:password https://cloud.ravellosystems.com/api/v1/applications/414244

Any suggestions on how to get around this greatly appreciated.

Answer 1

Ok so if anyone else has this issue, I've found a solution.

Basically you can see in my code above that I was trying to use the cURL PHP methods to set options for CURLOPT_USERPWD and CURLOPT_HTTPAUTH. However somewhere in this the special characters in the password were causing issues with the parsing and I think only a section of it was actually being taken by the server.

However, all that these options do basically is set an HTTP header, as can be seen in @mpyw screenshots. This is the Authorization header, which is in the format below:

`Authorization: Basic [base64 encoded username:password]`

So I got rid of these options and did it manually, by base64 encoding my username:password string myself and then adding a header.

$auth = base64_encode($uname . ":" . $pass);
curl_setopt($curl, CURLOPT_HTTPHEADER, array("Authorization: Basic $auth",
                                              "Accept: application/json",
                                              "Content-Type: application/json"));

Now it all works fine! Thanks to the guys who posted answers - both of you contributed to me coming up with the workaround.