Authorization header on request to ressource server #926

Open
nottavi opened this issue Apr 5, 2018 · 2 comments


nottavi commented Apr 5, 2018

Hi

Once I retrieved an access_token I am trying to get a resource through an ajax request.
I pass the access_token in the request header

```
Authorization: Bearer the_access_token
```

I have 401 all the time. Does the resource server accept this way to pass the access_token or should I send (which I find less secure and inelegant) the access_token in query string?

I'm not sure I will receive an answer as this repo seems abandoned, but if someone could confirm it would be great

Thank you


reb3r commented May 8, 2018

Which web server do you use? For a setup with Apache, adding the following entry to my .htaccess helped me:

```apache
# Make Bearer Auth-Header available to PHP Backend (needed for OAUTH2)
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
```

Also make sure you enabled mod_rewrite...


nottavi commented May 9, 2018

Thanks @reb3r, finally my issue was linked to the preflight request on an ajax POST.
I've also added the line in my .htaccess and handled the preflight request in my Resource Controller, by doing nothing in that case

```php
$request = OAuth2\Request::createFromGlobals();

if ($_SERVER["REQUEST_METHOD"] === "OPTIONS"):
    // Do we have to do something here ?
else:
    // Handle the request
    if (!$server->verifyResourceRequest($request)) {
        $server->getResponse()->send();
        die;
    }
endif;
```
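The preflight handling discussed in this thread, written out as an added example that is not part of the original comments or the project's own code: the `OPTIONS` request gets CORS headers that permit `Authorization` for an allowlisted origin and nothing else, while every other method still has to pass `verifyResourceRequest()`. Assumptions: `$server` is the already configured `OAuth2\Server` from the snippet above, and `ALLOWED_ORIGINS`, `corsHeaders()` and the `https://app.example.com` origin are hypothetical names and values chosen for illustration.

```php
<?php
// Added example. Assumes $server is the configured OAuth2\Server used above.
const ALLOWED_ORIGINS = ['https://app.example.com']; // constructed placeholder

/** CORS response headers for an allowlisted origin, or [] for any other. */
function corsHeaders(?string $origin): array
{
    if ($origin === null || !in_array($origin, ALLOWED_ORIGINS, true)) {
        return []; // unknown origin: the browser blocks the cross-origin call
    }
    return [
        'Access-Control-Allow-Origin'  => $origin,
        'Vary'                         => 'Origin',
        'Access-Control-Allow-Methods' => 'GET, POST, OPTIONS',
        // Without this the browser never sends the real request with the token.
        'Access-Control-Allow-Headers' => 'Authorization, Content-Type',
        'Access-Control-Max-Age'       => '600',
    ];
}

// Sent on every response so the browser can also read a 401 from the server.
foreach (corsHeaders($_SERVER['HTTP_ORIGIN'] ?? null) as $name => $value) {
    header("$name: $value");
}

if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
    // A preflight carries no Authorization header, so verifying a token here
    // would always fail. Answer with headers only, never with resource data.
    http_response_code(204);
    exit;
}

// Every other method must present a valid bearer token.
$request = OAuth2\Request::createFromGlobals();
if (!$server->verifyResourceRequest($request)) {
    $server->getResponse()->send();
    exit;
}

header('Content-Type: application/json');
echo json_encode(['success' => true]);
```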
