Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

JWT: How send authorization in header?

Tags:

rest

php

token

laravel

jwt

I'm using the JWT (https://github.com/tymondesigns/jwt-auth) to generate session tokens in my API.

I made all relevant settings to work as the author's documentation.

After connecting the session, I make use of a URL to return data of my categories. When I pass the token directly in the URL, it works. As follows:

http://api.domain.com/categories?token=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwOlwvXC9kZXYuaW1pYXZpcFwvYXBpXC9hdXRoXC9hdXRoZW50aWNhdGUiLCJzdWIiOiIxIiwiaWF0IjoxNDIxODQyMzU4LCJleHAiOjE0MjE5Mjg3NTh9.-nqKoARKc2t1bI2j5KFEP_zRU8KCki_dghKe6dtAedY

Only I need to pass the token, in my request on the header, using the Authentication Bearer. But does not work. See how I'm going through:

Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwOlwvXC9kZXYuaW1pYXZpcFwvYXBpXC9hdXRoXC9hdXRoZW50aWNhdGUiLCJzdWIiOiIxIiwiaWF0IjoxNDIxODQyMzU4LCJleHAiOjE0MjE5Mjg3NTh9.-nqKoARKc2t1bI2j5KFEP_zRU8KCki_dghKe6dtAedY

What could be wrong?

In the JWT documentation mentions the use of the form I spent above. But does not work.

like image 203
Valdinei Avatar asked Feb 23 '15 19:02

Valdinei

People also ask

How do I submit auth token in header?

To send a request with the Bearer Token authorization header, you need to make an HTTP request and provide your Bearer Token with the "Authorization: Bearer {token}" header. A Bearer Token is a cryptic string typically generated by the server in response to a login request.

How do I send the authorization header in HTTP?

The HTTP Authorization request header can be used to provide credentials that authenticate a user agent with a server, allowing access to a protected resource. The Authorization header is usually, but not always, sent after the user agent first attempts to request a protected resource without credentials.

Is it safe to send auth token in header?

In JWT token authentication, the server-provided token should always be sent as a header with the Authorization: Bearer <token> format. The website then should check the validity of the token when a request comes and handle it accordingly. Yes, the use of HTTPS is mandatory.

1 Answers

If you are using Apache, then the headers are probably not coming through, due to this known issue within Symfony

You will need to add the following to your virtual host if this is the case:

RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
like image 195
tymondesigns Avatar answered Oct 19 '22 03:10

tymondesigns
Sign in to Comment

Related questions

what is Yii::app() in php framework yii
WordPress ajax function in child class
php5_invoke xdebug: no action - module was disabled by maintainer for apache2 SAPI
Symfony REST file upload over PUT method
Get version of Composer package(s) in PHP, without using the command line
How can I manually interpolate a string? [duplicate]
Laravel - Eloquent converts query parameter to integer before comparison
Laravel, call filter in filter
In what cases can the laravel's eloquent collection save() go wrong?
Use SESSIONS variables between different php files
Sending email notifications for Events via Google Calendar API
Sanitizing data in Yii 2 - Built in or extension?
Showing blank rows for filters in Yii2.0 with GridView
composer install fails when unable to see mysql database
Separating business logic from PHP Doctrine 2
Symfony2 Lazy Services When to use?
Symfony routing - locale as subdomain with fallback to default
How to create a form with multiple rows of one entity in Symfony2
yii2 POST parameters mapping
laravel: config file name convention?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!