Plugin containing AuthComponent's authenticate class for authenticating using headers.
- CakePHP 3.5+
composer require dynweb-org/cakephp-soap-auth
In your app's config/bootstrap.php
add:
// In config/bootstrap.php
Plugin::load('Dynweb/SoapAuth');
or using cake's console:
./bin/cake plugin load Dynweb/SoapAuth
Setup AuthComponent
:
// In your controller, for e.g. src/Api/AppController.php
The authentication class checks for the token in two locations:
-
HTTP_AUTHORIZATION
environment variable:It first checks if token is passed using
Authorization
request header. The value should be of formBearer <token>
. TheAuthorization
header name and token prefixBearer
can be customzied using optionsheader
andprefix
respectively.Note: Some servers don't populate
$_SERVER['HTTP_AUTHORIZATION']
whenAuthorization
header is set. So it's upto you to ensure that either$_SERVER['HTTP_AUTHORIZATION']
or$_ENV['HTTP_AUTHORIZATION']
is set.For e.g. for apache you could use the following:
RewriteEngine On RewriteCond %{HTTP:Authorization} ^(.*) RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
-
The query string variable specified using
parameter
config:Next it checks if the token is present in query string. The default variable name is
token
and can be customzied by using theparameter
config shown above.