JWT: How to send authorization in header?

I'm using the JWT (https://github.com/tymondesigns/jwt-auth) to generate session tokens in my API.

I made all relevant settings to work as the author's documentation.

After connecting the session, I make use of a URL to return data of my categories. When I pass the token directly in the URL, it works. As follows:

http://api.domain.com/categories?token=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwOlwvXC9kZXYuaW1pYXZpcFwvYXBpXC9hdXRoXC9hdXRoZW50aWNhdGUiLCJzdWIiOiIxIiwiaWF0IjoxNDIxODQyMzU4LCJleHAiOjE0MjE5Mjg3NTh9.-nqKoARKc2t1bI2j5KFEP_zRU8KCki_dghKe6dtAedY

But I need to pass the token in the header of my request, using the Authentication Bearer. It does not work. See how I'm passing it:

Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwOlwvXC9kZXYuaW1pYXZpcFwvYXBpXC9hdXRoXC9hdXRoZW50aWNhdGUiLCJzdWIiOiIxIiwiaWF0IjoxNDIxODQyMzU4LCJleHAiOjE0MjE5Mjg3NTh9.-nqKoARKc2t1bI2j5KFEP_zRU8KCki_dghKe6dtAedY

What could be wrong?

The JWT documentation mentions the use of the form I showed above, but it does not work.

Valdinei asked Feb 23 '15 19:02



1 Answer

If you are using Apache, then the headers are probably not coming through, due to this known issue within Symfony.

You will need to add the following to your virtual host if this is the case:

RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]

tymondesigns answered Oct 19 '22 03:10
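
A diagnostic sketch for the situation described in the answer above, added here as an example and not part of the original answer or of jwt-auth: it checks the places where Apache may expose the Authorization header to PHP and extracts the bearer token from it. The function names and the sample values such as `aaa.bbb.ccc` are constructed for illustration.

```php
<?php
// Added example: not part of jwt-auth or the answer above.
// Function names and sample values are constructed for illustration.

/** Return the Authorization header value PHP can see, or null if it was dropped. */
function findAuthorizationHeader(array $server, ?array $apacheHeaders = null): ?string
{
    // HTTP_AUTHORIZATION: passed through natively or set by the rewrite rule.
    // REDIRECT_HTTP_AUTHORIZATION: Apache adds the REDIRECT_ prefix to
    // environment variables after an internal redirect (e.g. to index.php).
    foreach (['HTTP_AUTHORIZATION', 'REDIRECT_HTTP_AUTHORIZATION'] as $key) {
        if (!empty($server[$key])) {
            return trim($server[$key]);
        }
    }
    // Where available, ask Apache for the request headers directly.
    if ($apacheHeaders === null && function_exists('apache_request_headers')) {
        $apacheHeaders = apache_request_headers() ?: [];
    }
    foreach ($apacheHeaders ?? [] as $name => $value) {
        if (strcasecmp($name, 'Authorization') === 0) {
            return trim($value);
        }
    }
    return null;
}

/** Extract the token from "Bearer <token>"; null when absent or not JWT-shaped. */
function extractBearerToken(?string $header): ?string
{
    // Compact JWT: three base64url segments separated by dots.
    $jwt = '[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+';
    if ($header !== null && preg_match("/^Bearer\s+($jwt)$/i", $header, $m)) {
        return $m[1];
    }
    return null;
}

// Constructed $_SERVER snapshots; pass $_SERVER itself in a real request.
$cases = [
    'header dropped before PHP' => [],
    'set by the rewrite rule'   => ['HTTP_AUTHORIZATION' => 'Bearer aaa.bbb.ccc'],
    'after internal redirect'   => ['REDIRECT_HTTP_AUTHORIZATION' => 'Bearer aaa.bbb.ccc'],
    'wrong scheme'              => ['HTTP_AUTHORIZATION' => 'Basic dXNlcjpwYXNz'],
];
foreach ($cases as $label => $server) {
    $token = extractBearerToken(findAuthorizationHeader($server, []));
    printf("%-28s %s\n", $label, var_export($token, true));
}
```

If a real request that carried the header still yields NULL when `$_SERVER` is passed in, the header is being dropped before it reaches PHP, which is the case the rewrite rule addresses.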