
Symfony 2.3 getRequest()->headers not showing Authorization Bearer Token

I am passing an Authorization: Bearer { Token } as an HTTP request to my Symfony Rest Controller.

My Request:

GET /app_dev.php/api/members HTTP/1.1
Host: localhost
Authorization: Bearer 123456789
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded

Inside My controller:

$this->getRequest()->headers;

For some reason, when I use Symfony's Request method the Authorization header isn't available to my controller. When I use PHP's getallheaders() the Authorization header shows up as expected. Any ideas on why Symfony isn't seeing it?

Thanks

asked Oct 18 '13 07:10

Pathsofdesign


1 Answer

It is most likely stripped by Apache. Bearer is not a known scheme, it is sort of proprietary.

Therefore, either you use a custom header, like X-Bearer-Token: 123456789, or you can try to add this rewrite condition in your .htaccess:

RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]

answered Oct 01 '22 01:10

Boris Guéry
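
With the rewrite rule from the answer in place, the header reaches PHP as a server variable rather than through getallheaders(). The following is an added example, not code from the question, the answer or Symfony, showing one way to read and strictly parse it; the function names are hypothetical and it assumes PHP 7.1 or later.

```php
<?php
// Added example, not from the original post; function names are hypothetical.

/** Raw Authorization value from a $_SERVER-style array, or null if absent. */
function findAuthorizationHeader(array $server): ?string
{
    // HTTP_AUTHORIZATION is what the RewriteRule's env flag sets.
    // Apache renames env vars to REDIRECT_<name> after an internal redirect
    // (for example a rewrite to the front controller), so check both.
    foreach (['HTTP_AUTHORIZATION', 'REDIRECT_HTTP_AUTHORIZATION'] as $key) {
        if (isset($server[$key]) && is_string($server[$key]) && $server[$key] !== '') {
            return $server[$key];
        }
    }
    return null;
}

/** Bearer token, or null when the header is missing, malformed or another scheme. */
function extractBearerToken(array $server): ?string
{
    $header = findAuthorizationHeader($server);
    if ($header === null) {
        return null;
    }
    // Token charset follows the b64token grammar of RFC 6750; the D modifier
    // stops "$" from matching before a trailing newline.
    if (preg_match('/^Bearer +([A-Za-z0-9\-._~+\/]+=*)$/iD', $header, $m) !== 1) {
        return null;
    }
    return $m[1];
}

// Constructed $_SERVER samples (the token value is the one from the question).
$samples = [
    'header stripped by server'  => ['REQUEST_METHOD' => 'GET'],
    'set by rewrite rule'        => ['HTTP_AUTHORIZATION' => 'Bearer 123456789'],
    'after internal redirect'    => ['REDIRECT_HTTP_AUTHORIZATION' => 'Bearer 123456789'],
    'different scheme'           => ['HTTP_AUTHORIZATION' => 'Basic dXNlcjpwYXNz'],
    'malformed (embedded space)' => ['HTTP_AUTHORIZATION' => 'Bearer 1234 5678'],
];

foreach ($samples as $label => $server) {
    // Report only presence, never the token itself, as a log line would.
    printf("%-28s => %s\n", $label, extractBearerToken($server) === null ? 'no token' : 'token found');
}
```

Running it against the five constructed samples reports a token only for the two well-formed Bearer cases.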