I'm trying to implement a simple authorization with Slim on the server side and AngularJS on the client side. For testing the REST API I'm using a program called Rested for Mac, which allows sending REST calls.
I want to deliver, once authorization has completed, a JWT token with each REST call, which can then be used within Slim to authorize requests for certain paths.
Now I deliver via Rested the following header and body:
Accept: */*
Accept-Encoding: gzip, deflate
Content-Type: application/json
Authorization: jwt-test
Accept-Language: de-de
{
"login": "TestLogin",
"password": "TestPassword",
"uuid": "dsfglj45690dfgkl456"
}
And then just print out the whole header:
Slim\Http\Headers Object ( [data:protected] => Array ( [Host] => localhost:8888
[Content-Type] => application/json [Content-Length] => 89 [Connection]
=> keep-alive [Accept] => */* [User-Agent] => Rested/2009 CFNetwork/673.4
Darwin/13.4.0 (x86_64) (iMac13%2C2) [Accept-Language] => de-de [Accept-Encoding]
=> gzip, deflate ) )
As you can see, there is no Authorization within this array.
I also checked this with Firefox directly, same results. I can see the Authorization string within the request headers with Firebug, but it is not in the dumped array in Slim Framework.
Does anyone have a hint where my problem lies?
Thanks in advance and kind regards
solick
To send a GET request with a Bearer Token authorization header, you need to make an HTTP GET request and provide your Bearer Token with the Authorization: Bearer {token} HTTP header.
A Bearer Token is a cryptic string typically generated by the server in response to a login request. The client must send this Bearer Token in the Authorization header on every request it makes to obtain a protected resource. For security reasons, Bearer Tokens are only sent over HTTPS (SSL).
Because I struggled with this too, here is what I found as described here in the Slim documentation, without the need to add anything to the .htaccess file:
$request->getHeader("Authorization");
A Basic authentication header should look something like this.
Authorization: Basic cm9vdDp0MDBy
The string after Basic is constructed by combining username and password into a string like username:password. The resulting string is then encoded using base64.
You are sending a header to the webserver which PHP will not parse. Not sure if this is considered a bug or a feature.
Authorization: jwt-test
With the current version of Slim, if you add the following to the .htaccess file:
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
You can then access even a non-standard header with any of these.
var_dump($_SERVER["HTTP_AUTHORIZATION"]);
var_dump(apache_request_headers()["Authorization"]);
var_dump($app->request->headers("Authorization"));
It gives the following result:
string 'jwt-test' (length=8)
string 'jwt-test' (length=8)
string 'jwt-test' (length=8)
You could also use some other header name such as X-Authorization.
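A defensive way to read the header regardless of which of the mechanisms above delivered it, as an added example that is not part of the original answers. The function names and the sample arrays are hypothetical and constructed; in a real request you would pass `$_SERVER` and, where the function exists, `apache_request_headers()`.

```php
<?php
// Added example, not code from the answers above; names and inputs are constructed.
// Return the raw Authorization value from wherever Apache/PHP exposed it.
function findAuthorization(array $server, array $headers = [])
{
    // Set by PHP or the SetEnvIf rule; Apache adds REDIRECT_ after an internal rewrite.
    foreach (['HTTP_AUTHORIZATION', 'REDIRECT_HTTP_AUTHORIZATION'] as $key) {
        if (isset($server[$key]) && trim($server[$key]) !== '') {
            return trim($server[$key]);
        }
    }
    // Fall back to the raw header list; header names are case-insensitive.
    foreach ($headers as $name => $value) {
        if (strcasecmp($name, 'Authorization') === 0 && trim($value) !== '') {
            return trim($value);
        }
    }
    return null; // caller should answer 401 rather than continue
}

// Split "<scheme> <credentials>"; a bare value such as "jwt-test" has no scheme.
function parseAuthorization($raw)
{
    $parts = preg_split('/\s+/', (string) $raw, 2);
    if (count($parts) < 2) {
        return ['scheme' => null, 'credentials' => $parts[0]];
    }
    $result = ['scheme' => strtolower($parts[0]), 'credentials' => $parts[1]];
    if ($result['scheme'] === 'basic') {
        // Strict mode rejects characters outside the base64 alphabet.
        $decoded = base64_decode($parts[1], true);
        if ($decoded === false || strpos($decoded, ':') === false) {
            return null; // malformed Basic credentials
        }
        list($result['user'], $result['password']) = explode(':', $decoded, 2);
    }
    return $result;
}
// Constructed inputs mirroring the situations discussed above.
$cases = [
    'SetEnvIf applied' => [['HTTP_AUTHORIZATION' => 'jwt-test'], []],
    'after rewrite'    => [['REDIRECT_HTTP_AUTHORIZATION' => 'Bearer abc.def.ghi'], []],
    'raw header only'  => [[], ['authorization' => 'Basic cm9vdDp0MDBy']],
    'header missing'   => [[], ['Accept' => '*/*']],
];
foreach ($cases as $label => $case) {
    $raw = findAuthorization($case[0], $case[1]);
    echo $label, ': ', json_encode($raw === null ? null : parseAuthorization($raw)), "\n";
}
```

Parsing only identifies the scheme and credentials; a JWT still has to have its signature and expiry verified before any path is authorized.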