How to Include Authorization Header in Curl Post Http Request in PHP

  • Home
  • Languages
  • PHP
  • How to Include Authorization Header in Curl Post Http Request in PHP

How to include Authorization header in cURL POST HTTP Request in PHP?

@jason-mccreary is totally right. Besides I recommend you this code to get more info in case of malfunction:

$rest = curl_exec($crl);

if ($rest === false)
{
    // throw new Exception('Curl error: ' . curl_error($crl));
    print_r('Curl error: ' . curl_error($crl));
}

curl_close($crl);
print_r($rest);

EDIT 1

To debug you can set CURLOPT_HEADER to true to check HTTP response with firebug::net or similar.

curl_setopt($crl, CURLOPT_HEADER, true);

EDIT 2

About Curl error: SSL certificate problem, verify that the CA cert is OK try adding this headers (just to debug, in a production enviroment you should keep these options in true):

curl_setopt($crl, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($crl, CURLOPT_SSL_VERIFYPEER, false);

Sending auth in headers php curl

In order to get custom headers into your curl you should do something like the following:

curl_setopt($ch, CURLOPT_HTTPHEADER, array(
  'Some_custom_header: 0',
  'Another_custom_header: 143444,12'
));

Therefore the following should work in your case (given X-abc-AUTH is the only header you need to send over):

curl_setopt($ch, CURLOPT_HTTPHEADER, array(
  'X-abc-AUTH: 123456789' // you can replace this with your $auth variable
));

If you need additional custom headers, all you have to do is add on to the array within the curl_setopt.

I hope this helps :)

How to add an Authorization header to a HTTP request with file_get_contents()?

According to the OAuth 1.0a spec

The OAuth Protocol Parameters are sent in the Authorization header the following way:

  1. Parameter names and values are encoded per Parameter Encoding.

  2. For each parameter, the name is immediately followed by an '=' character (ASCII code 61), a '"' character (ASCII code 34), the parameter value (MAY be empty), and another '"' character (ASCII code 34).

  3. Parameters are separated by a comma character (ASCII code 44) and OPTIONAL linear whitespace per [RFC2617].

  4. The OPTIONAL realm parameter is added and interpreted per [RFC2617], section 1.2.

One issue is that you're inserting \n (LF) characters into your header string, which isn't allowed according to RFC2617. You also seem to be missing a comma after you oauth_token. It's also unclear if you're properly encoding your parameters.

I think an easier way to avoid making these mistakes could be to either use something like http_build_query and pass PHP_QUERY_RFC3986 as the enc_type paremeter to be compliant with RFC3986, which is what OAuth 1.0a states it follows, or you could just set the parameters in a separate array and array_map to encode them yourself.

$params = [
    "realm"                  => $realm, /* optional */
    "oauth_consumer_key"     => $key,
    "oauth_token"            => $token,
    "oauth_signature_method" => $sigmeth,
    "oauth_timestamp"        => $timestamp,
    "oauth_nonce"            => $nonce,
    "oauth_signature"        => $sig,
];

option 1

/* This will give you the proper encoded string to include in your Authorization header */
$params = http_build_query($params, null, ',', PHP_QUERY_RFC3986);    

$opts = ["http" => ["header" => "Authorization: OAuth " . $params]];

$context = stream_context_create($opts);
$data = file_get_contents($url, false, $context);

option 2

$params = implode(',',array_map(function($v,$k) {
    return $k . '="' . rawurlencode($v) . '"';
}, $params, array_keys($params)));

$opts = ["http" => ["header" => "Authorization: OAuth " . $params]];

$context = stream_context_create($opts);
$data = file_get_contents($url, false, $context);

I think option 2 is actually more compliant with OAuth 1, because http_build_query won't quote the parameters. rawurlencode will be compliant with RFC3986 which should help keep your values properly encoded.

How do I make a request using HTTP basic authentication with PHP curl?

You want this:

curl_setopt($ch, CURLOPT_USERPWD, $username . ":" . $password);

Zend has a REST client and zend_http_client and I'm sure PEAR has some sort of wrapper.
But its easy enough to do on your own.

So the entire request might look something like this:

$ch = curl_init($host);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/xml', $additionalHeaders));
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_USERPWD, $username . ":" . $password);
curl_setopt($ch, CURLOPT_TIMEOUT, 30);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $payloadName);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
$return = curl_exec($ch);
curl_close($ch);

Set Authorization header using PHP and curl

The Authorization header isn't included in PHP's $_SERVER variable. To properly debug a request you should use apache_request_headers() which shows we were sending the Authorization header exactly as we wanted.

The problem then moved on to figuring out exactly what to put in the Authorization header given some pretty bad documentation.


Related Topics

Checking If Your Code Is Running on 64-Bit PHP

Php: Static and Non Static Functions and Objects

Soap-Error: Parsing Wsdl: Couldn't Load from <Url>

Ajax Call with Contenttype: 'Application/JSON' Not Working

Warning: MySQLi_Query(): Couldn't Fetch MySQLi

PHP Check Value Against Multiple Values with Or-Operator

How to Resolve "Must Be an Instance of String, String Given" Prior to PHP 7

PHP Validate Integer

Codeigniter Mssql Connection

How to Get Common Values from Two Different Arrays in PHP

String Contains Any Items in an Array (Case Insensitive)

How to Solve General Error: 2006 MySQL Server Has Gone Away

Calculate Text Diffs in PHP

How to Use Dom PHP Parser

PHP Production Server - Turn on Error Messages

Php, Simplexml, Decoding Entities in Cdata

Creating Anonymous Objects in PHP

PHP 7.4 Deprecated Get_Magic_Quotes_Gpc Function Alternative


Leave a reply



Submit