Symfony 2.3 getRequest()-headers not showing Authorization Bearer Token
It is most likely stripped by Apache. Bearer
is not a known scheme, it is sort of proprietary.
Therefore, either you use a custom header, like X-Bearer-Token: 123456789
or you can try to add this rewrite condition in your .htaccess
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
Using Autorization header instead of access_token
Had faced the same issue.
Adding
RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
to the virtualhost under Virtualhost tag solved it
Refer this :
Similar issue
Fetching custom Authorization header from incoming PHP request
If you're only going to use Apache you might want to have a look at apache_request_headers()
.
FOSOAuthServerBundle, Authorization header doesn't work but access_token in query works
Well, I found a solution myself. This could actually be considered a "duplicated" question, but I didn't know it until now. Trying to trace the error, I found that the Authorization header was completely missing in the Symfony profiler (luckily, Symfony sends in the response the profiler URL related to each request). So I searched "symfony missing authorization header" (or something similar, can't remember) and found this:
Request headers bag is missing Authorization header in Symfony 2?
It was mezod's answer the one that worked the best for me. I just put it in Apache's virtual host configuration file and reloaded Apache service. Now it works. No need to put it as 'access_token' request parameter. Authorization header for the win. And by the way, the only thing that worked now was:Authorization: Bearer 123456789
Yes, with capital B in Bearer. Every other combination (non-capital, OAuth instead of Bearer, only the token itself) failed miserably.
In case someone can't access that link, the thing is to put this in your virtual host configuration file (haven't tried in .htaccess myself yet):
RewriteEngine On
RewriteCond %{HTTP:Authorization} .+
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
So that's it. I really really hope it helps someone at least half of what it did for me.
Symfony2 security and X-WSSE http header
I'm not sure if you understood the way WSSE
works. Your application does not send the headers - the client has to include them in his request.
WSSE
authentication is mostly used by API's (i.e. SOAP).
It is somewhat similar to Basic HTTP authentication but provides a little better security.
Read more about it here.
In order to authenticate your client (browser,application,etc) has to provide the WSSE authentication headers in the HTTP request.
The authentication headers can be generated with the JavaScript WSSE Header Generator
You can simulate a request with a WSSE header from a browser plugin like:
- Rest Console (Chrome)
- Rest Client (Firefox)
- Modheader (Chrome)
- ModifyHeaders (Firefox)
How do I retrieve basic auth credentials from Symfony's HttpFoundation component?
The values of $_SERVER['PHP_AUTH_USER']
and $_SERVER['PHP_AUTH_PW']
can be accessed through an instance of Symfony\Component\HttpFoundation\Request
in the following manner:
$username = $request->headers->get('php-auth-user');
$password = $request->headers->get('php-auth-pw');
Getting request Authorization header in ZF2 controller
I finally found the answer here:
http://zend-framework-community.634137.n4.nabble.com/HTTP-Digest-authentication-does-not-work-with-PHP-as-CGi-td4658790.html
Had to add the following to the projects .htaccess:
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
WSSE auth in Symfony2, how to generate proper headers?
Actually, you should not use a login form to send WSSE headers to your server: a login form will send an HTTP POST request (with POST parameters), but will not modify the HTTP headers, as expected by an WSSE connection.
I am using WSSE with javascript and/or some client like Android applications.
For testing, I use curl in command line, adding wsse-headers in the request.
Here is another question/answer which should help you to manipulate curl, and an helpful javascript wsse generator.
Related Topics
Simple PHP SQL Login Troubleshooting
How Follow the Don't Repeat Yourself Principle When Consuming My Own Laravel API
How to Pass Arguments to My Function Through Add_Action
How to Display Unicode Data with PHP
How to Pass Parameters by Reference Using Call_User_Func_Array()
Improve Password Hashing with a Random Salt
Handling Big User Ids Returned by Fql in PHP
Codeigniter Default Controller in a Sub Directory Not Working
PHP Regex Delimiter, What's the Point
Get Woocommerce Product Categories from Wordpress
How to Get the Subversion Revision Number in PHP
How to Get Greenwich Mean Time in PHP
Regex to Detect Invalid Utf-8 String
MySQL Performance - "In" Clause VS. Equals (=) for a Single Value
Difference Between PHP Echo and Return in Terms of a Jquery Ajax Call