Request Headers Bag Is Missing Authorization Header in Symfony 2

Symfony 2.3 getRequest()-headers not showing Authorization Bearer Token

It is most likely stripped by Apache. Bearer is not a known scheme, it is sort of proprietary.

Therefore, either you use a custom header, like X-Bearer-Token: 123456789 or you can try to add this rewrite condition in your .htaccess

RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]

Using Autorization header instead of access_token

Had faced the same issue.

Adding

RewriteEngine On RewriteCond %{HTTP:Authorization} ^(.*) RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]

to the virtualhost under Virtualhost tag solved it

Refer this :
Similar issue

Fetching custom Authorization header from incoming PHP request

If you're only going to use Apache you might want to have a look at apache_request_headers().

FOSOAuthServerBundle, Authorization header doesn't work but access_token in query works

Well, I found a solution myself. This could actually be considered a "duplicated" question, but I didn't know it until now. Trying to trace the error, I found that the Authorization header was completely missing in the Symfony profiler (luckily, Symfony sends in the response the profiler URL related to each request). So I searched "symfony missing authorization header" (or something similar, can't remember) and found this:

Request headers bag is missing Authorization header in Symfony 2?

It was mezod's answer the one that worked the best for me. I just put it in Apache's virtual host configuration file and reloaded Apache service. Now it works. No need to put it as 'access_token' request parameter. Authorization header for the win. And by the way, the only thing that worked now was:
Authorization: Bearer 123456789

Yes, with capital B in Bearer. Every other combination (non-capital, OAuth instead of Bearer, only the token itself) failed miserably.

In case someone can't access that link, the thing is to put this in your virtual host configuration file (haven't tried in .htaccess myself yet):

RewriteEngine On
RewriteCond %{HTTP:Authorization} .+
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

So that's it. I really really hope it helps someone at least half of what it did for me.

Symfony2 security and X-WSSE http header

I'm not sure if you understood the way WSSE works. Your application does not send the headers - the client has to include them in his request.

WSSE authentication is mostly used by API's (i.e. SOAP).

It is somewhat similar to Basic HTTP authentication but provides a little better security.

How do I retrieve basic auth credentials from Symfony's HttpFoundation component?

The values of $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'] can be accessed through an instance of Symfony\Component\HttpFoundation\Request in the following manner:

$username = $request->headers->get('php-auth-user');
$password = $request->headers->get('php-auth-pw');

Getting request Authorization header in ZF2 controller

I finally found the answer here:

http://zend-framework-community.634137.n4.nabble.com/HTTP-Digest-authentication-does-not-work-with-PHP-as-CGi-td4658790.html

Had to add the following to the projects .htaccess:

RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

WSSE auth in Symfony2, how to generate proper headers?

Actually, you should not use a login form to send WSSE headers to your server: a login form will send an HTTP POST request (with POST parameters), but will not modify the HTTP headers, as expected by an WSSE connection.

I am using WSSE with javascript and/or some client like Android applications.

For testing, I use curl in command line, adding wsse-headers in the request.

Here is another question/answer which should help you to manipulate curl, and an helpful javascript wsse generator.