Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unable to retrieve access_token using getAccessTokenParameter with Bearer Authorization #19

Closed
dsquier opened this issue Dec 29, 2012 · 1 comment
Closed

Unable to retrieve access_token using getAccessTokenParameter with Bearer Authorization #19

dsquier opened this issue Dec 29, 2012 · 1 comment

Comments

@dsquier
Copy link
Contributor

dsquier commented Dec 29, 2012

Unable to retrieve access_token using getAccessTokenParameter from Bearer.php. For example, an HTTP POST with Header:

Authorization: Bearer 713eca9cb36f9c1be6b86d5dc242b5bb00c88598

is sent and a request is created:

$request = OAuth2_Request::createFromGlobals();

Doing a var_dump of $request:

...
    [server] => Array
        (
            [REDIRECT_HTTP_AUTHORIZATION] => Bearer 713eca9cb36f9c1be6b86d5dc242b5bb00c88598
            [REDIRECT_STATUS] => 200
            [HTTP_AUTHORIZATION] => Bearer 713eca9cb36f9c1be6b86d5dc242b5bb00c88598
            [HTTP_HOST] => 192.168.2.13
            [HTTP_USER_AGENT] => Mozilla/5.0 (Windows NT 6.2; WOW64; rv:17.0) Gecko/20100101 Firefox/17.0
            [HTTP_ACCEPT] => text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
            [HTTP_ACCEPT_LANGUAGE] => en-US,en;q=0.5
            [HTTP_ACCEPT_ENCODING] => gzip, deflate
            [HTTP_DNT] => 1
            [HTTP_CONNECTION] => keep-alive
            [CONTENT_TYPE] => application/x-www-form-urlencoded; charset=UTF-8
            [CONTENT_LENGTH] => 61
            [HTTP_COOKIE] => PHPSESSID=cofdhm7vqquplkbvjjf9ofutp2
            [HTTP_PRAGMA] => no-cache
            [HTTP_CACHE_CONTROL] => no-cache
            [PATH] => /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
            [SERVER_SIGNATURE] => <address>Apache/2.2.22 (Ubuntu) Server at 192.168.2.13 Port 80</address>

            [SERVER_SOFTWARE] => Apache/2.2.22 (Ubuntu)
            [SERVER_NAME] => 192.168.2.13
            [SERVER_ADDR] => 192.168.2.13
            [SERVER_PORT] => 80
            [REMOTE_ADDR] => 192.168.2.12
            [DOCUMENT_ROOT] => /var/www
            [SERVER_ADMIN] => webmaster@localhost
            [SCRIPT_FILENAME] => /var/www/index.php
            [REMOTE_PORT] => 56430
            [REDIRECT_URL] => /admin/addclient
            [GATEWAY_INTERFACE] => CGI/1.1
            [SERVER_PROTOCOL] => HTTP/1.1
            [REQUEST_METHOD] => POST
            [QUERY_STRING] =>
            [REQUEST_URI] => /admin/addclient
            [SCRIPT_NAME] => /index.php
            [PHP_SELF] => /index.php
            [REQUEST_TIME] => 1356741875
        )
...
    [headers] => Array
        (
            [AUTHORIZATION] => Bearer 713eca9cb36f9c1be6b86d5dc242b5bb00c88598
            [HOST] => 192.168.2.13
            [USER_AGENT] => Mozilla/5.0 (Windows NT 6.2; WOW64; rv:17.0) Gecko/20100101 Firefox/17.0
            [ACCEPT] => text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
            [ACCEPT_LANGUAGE] => en-US,en;q=0.5
            [ACCEPT_ENCODING] => gzip, deflate
            [DNT] => 1
            [CONNECTION] => keep-alive
            [CONTENT_TYPE] => application/x-www-form-urlencoded; charset=UTF-8
            [CONTENT_LENGTH] => 61
            [COOKIE] => PHPSESSID=cofdhm7vqquplkbvjjf9ofutp2
            [PRAGMA] => no-cache
            [CACHE_CONTROL] => no-cache
        )
...

I can get it working by changing $request to look for the AUTHORIZATION in ->$headers from ->server, i.e.,

public function getAccessTokenParameter(OAuth2_RequestInterface $request)
{
    $headers = $request->headers('AUTHORIZATION');

By working, I mean the following returns a value for $access_token:

$bearer = new OAuth2_TokenType_Bearer();
$access_token = $bearer->getAccessTokenParameter($request);

My question-- am I implementing this incorrectly? Please note the following RewriteRule was added to .htaccess to allow for PHP parsing of Authorization other than Basic or Digest:

RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
bshaffer added a commit that referenced this issue Jan 1, 2013
@bshaffer
addresses #19 - uses headers instead of server when looking for AUTHO…
bf9504b 
…RIZATION header
@bshaffer
Copy link
Owner

bshaffer commented Jan 1, 2013

Thank you for catching this! It should be fixed now. Your suggestion of using "headers" instead of "server" is correct.

@bshaffer bshaffer closed this as completed Jan 1, 2013
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@bshaffer @dsquier