How to include Authorization header in cURL POST HTTP Request in PHP?
@jason-mccreary is totally right. Besides I recommend you this code to get more info in case of malfunction:
$rest = curl_exec($crl);
if ($rest === false)
{
// throw new Exception('Curl error: ' . curl_error($crl));
print_r('Curl error: ' . curl_error($crl));
}
curl_close($crl);
print_r($rest);
EDIT 1
To debug you can set CURLOPT_HEADER
to true to check HTTP response with firebug::net or similar.
curl_setopt($crl, CURLOPT_HEADER, true);
EDIT 2
About Curl error: SSL certificate problem, verify that the CA cert is OK
try adding this headers (just to debug, in a production enviroment you should keep these options in true
):
curl_setopt($crl, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($crl, CURLOPT_SSL_VERIFYPEER, false);
Sending auth in headers php curl
In order to get custom headers into your curl you should do something like the following:
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
'Some_custom_header: 0',
'Another_custom_header: 143444,12'
));
Therefore the following should work in your case (given X-abc-AUTH is the only header you need to send over):
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
'X-abc-AUTH: 123456789' // you can replace this with your $auth variable
));
If you need additional custom headers, all you have to do is add on to the array within the curl_setopt.
I hope this helps :)
How to add an Authorization header to a HTTP request with file_get_contents()?
According to the OAuth 1.0a spec
The OAuth Protocol Parameters are sent in the Authorization header the following way:
Parameter names and values are encoded per Parameter Encoding.
For each parameter, the name is immediately followed by an '=' character (ASCII code 61), a '"' character (ASCII code 34), the parameter value (MAY be empty), and another '"' character (ASCII code 34).
Parameters are separated by a comma character (ASCII code 44) and OPTIONAL linear whitespace per [RFC2617].
The OPTIONAL realm parameter is added and interpreted per [RFC2617], section 1.2.
One issue is that you're inserting \n
(LF) characters into your header string, which isn't allowed according to RFC2617. You also seem to be missing a comma after you oauth_token
. It's also unclear if you're properly encoding your parameters.
I think an easier way to avoid making these mistakes could be to either use something like http_build_query
and pass PHP_QUERY_RFC3986
as the enc_type paremeter to be compliant with RFC3986, which is what OAuth 1.0a states it follows, or you could just set the parameters in a separate array and array_map
to encode them yourself.
$params = [
"realm" => $realm, /* optional */
"oauth_consumer_key" => $key,
"oauth_token" => $token,
"oauth_signature_method" => $sigmeth,
"oauth_timestamp" => $timestamp,
"oauth_nonce" => $nonce,
"oauth_signature" => $sig,
];
option 1
/* This will give you the proper encoded string to include in your Authorization header */
$params = http_build_query($params, null, ',', PHP_QUERY_RFC3986);
$opts = ["http" => ["header" => "Authorization: OAuth " . $params]];
$context = stream_context_create($opts);
$data = file_get_contents($url, false, $context);
option 2
$params = implode(',',array_map(function($v,$k) {
return $k . '="' . rawurlencode($v) . '"';
}, $params, array_keys($params)));
$opts = ["http" => ["header" => "Authorization: OAuth " . $params]];
$context = stream_context_create($opts);
$data = file_get_contents($url, false, $context);
I think option 2 is actually more compliant with OAuth 1, because http_build_query
won't quote the parameters. rawurlencode
will be compliant with RFC3986 which should help keep your values properly encoded.
How do I make a request using HTTP basic authentication with PHP curl?
You want this:
curl_setopt($ch, CURLOPT_USERPWD, $username . ":" . $password);
Zend has a REST client and zend_http_client and I'm sure PEAR has some sort of wrapper.
But its easy enough to do on your own.
So the entire request might look something like this:
$ch = curl_init($host);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/xml', $additionalHeaders));
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_USERPWD, $username . ":" . $password);
curl_setopt($ch, CURLOPT_TIMEOUT, 30);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $payloadName);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
$return = curl_exec($ch);
curl_close($ch);
Set Authorization header using PHP and curl
The Authorization
header isn't included in PHP's $_SERVER
variable. To properly debug a request you should use apache_request_headers()
which shows we were sending the Authorization
header exactly as we wanted.
The problem then moved on to figuring out exactly what to put in the Authorization
header given some pretty bad documentation.
Related Topics
Checking If Your Code Is Running on 64-Bit PHP
Php: Static and Non Static Functions and Objects
Soap-Error: Parsing Wsdl: Couldn't Load from <Url>
Ajax Call with Contenttype: 'Application/JSON' Not Working
Warning: MySQLi_Query(): Couldn't Fetch MySQLi
PHP Check Value Against Multiple Values with Or-Operator
How to Resolve "Must Be an Instance of String, String Given" Prior to PHP 7
How to Get Common Values from Two Different Arrays in PHP
String Contains Any Items in an Array (Case Insensitive)
How to Solve General Error: 2006 MySQL Server Has Gone Away
PHP Production Server - Turn on Error Messages
Php, Simplexml, Decoding Entities in Cdata
Creating Anonymous Objects in PHP
PHP 7.4 Deprecated Get_Magic_Quotes_Gpc Function Alternative