Store authorization header for type Bearer #17


dsquier
Contributor

@dsquier dsquier commented Dec 20, 2012

When "Basic" Authorization is provided, getHeadersFromServer() populates
globals for use in verifying an OAuth client. When "Bearer"
Authorization is provided, nothing is populated.

This captures the authorization header when "Bearer" Authorization is
provided, which can be used in verifying an access_token per
http://tools.ietf.org/html/rfc6750#section-2.1

@dsquier
Contributor Author

dsquier commented Dec 20, 2012

Looking into why this failed the PHP 5.4 test.

@bshaffer
Owner

The bearer token is already encoded as part of the Request header (do a var dump on the Request object when the Bearer header token is set). The code you are modifying is only there to cover the multiple ways PHP handles HTTP basic authentication. This takes a header consisting of HTTP_AUTHORIZATION Basic [auth info] and adds it to the PHP_AUTH_USER and PHP_AUTH_PW for consistency.

The Bearer token is pulled from the request here. It does not need specific logic in the Request class.

Is there an issue you have encountered you are trying to fix? If so, please file an issue. Thanks!

@bshaffer bshaffer closed this Dec 20, 2012
@dsquier
Contributor Author

dsquier commented Dec 22, 2012

In case others encounter this same problem, the root cause of not being able to retrieve the access_token from the header turned out to be a (missing) .htaccess entry:

RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

Without this only basic and digest authentication were getting parsed. More details:

http://www.php.net/manual/en/features.http-auth.php#107642
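
A check for the failure mode discussed in this thread, as an added example that is not code from the pull request or from the library: it looks for the Authorization header in the places PHP may receive it and parses a Bearer credential per RFC 6750 section 2.1. The function names and the sample token are hypothetical, and PHP 7.1 or later is assumed.

```php
<?php
// Added example: findAuthorizationHeader() and extractBearerToken() are
// hypothetical helper names, not part of the library discussed above.

/** Return the raw Authorization value, or null if the server never passed it to PHP. */
function findAuthorizationHeader(array $server, ?array $headers = null): ?string
{
    // HTTP_AUTHORIZATION is what the RewriteRule above sets; Apache adds a
    // REDIRECT_ prefix to environment variables after an internal redirect.
    foreach (['HTTP_AUTHORIZATION', 'REDIRECT_HTTP_AUTHORIZATION'] as $key) {
        if (isset($server[$key]) && $server[$key] !== '') {
            return trim($server[$key]);
        }
    }
    // Fallback for SAPIs that expose the request headers directly.
    if ($headers === null && function_exists('apache_request_headers')) {
        $headers = apache_request_headers();
    }
    foreach (is_array($headers) ? $headers : [] as $name => $value) {
        if (strcasecmp((string) $name, 'Authorization') === 0) {
            return trim($value);
        }
    }
    return null;
}

/** Extract the token from "Bearer <b64token>"; null for any other scheme or shape. */
function extractBearerToken(?string $header): ?string
{
    // b64token = 1*( ALPHA / DIGIT / "-" / "." / "_" / "~" / "+" / "/" ) *"="
    // HTTP auth scheme names are case-insensitive, hence the "i" flag.
    if ($header !== null
        && preg_match('#^Bearer +([A-Za-z0-9\-._~+/]+=*)\z#i', $header, $m) === 1) {
        return $m[1];
    }
    return null;
}

// Constructed $_SERVER samples; the token value is made up.
$samples = [
    'header stripped (no rule)' => [],
    'rule in place'             => ['HTTP_AUTHORIZATION' => 'Bearer abc123.DEF-456'],
    'after internal redirect'   => ['REDIRECT_HTTP_AUTHORIZATION' => 'Bearer abc123.DEF-456'],
    'Basic credentials'         => ['HTTP_AUTHORIZATION' => 'Basic dXNlcjpwYXNz'],
];
foreach ($samples as $label => $server) {
    // Pass [] as $headers so the demo also runs from the CLI.
    $token = extractBearerToken(findAuthorizationHeader($server, []));
    printf("%-28s %s\n", $label, var_export($token, true));
}
```

A null result on a request that did send a Bearer header points at the web server configuration rather than at the token parsing.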
