Laravel passport change header authentication

Question

I am using Laravel passport and it requires to send in every request the header Authentication to be sent.

Is it possible to change the name of the header to X-Access-Token?

I saw passport uses the package

League\OAuth2\Server\AuthorizationValidators;

method:

/**
 * {@inheritdoc}
 */
public function validateAuthorization(ServerRequestInterface $request)
{
    dd($request);
    if ($request->hasHeader('authorization') === false) {
        throw OAuthServerException::accessDenied('Missing "Authorization" header');
    }

    $header = $request->getHeader('authorization');
    $jwt = trim(preg_replace('/^(?:\s+)?Bearer\s/', '', $header[0]));

I tried to change here but seems the validation of the headers happen before this method.

Answer 1

For Laravel 5.8 you'd have to force your custom middleware to always be on top of the call chain So in your app\kernel.php add this -

protected $middlewarePriority = [
        \App\Http\Middleware\AuthorizationToolMiddleware::class,
    ];

Answer 2

There are many fundamental pieces of code that rely on the existence of the authorization header.

You could roll your own if you felt so inclined.

Note also that authorization is a web standard request header. X-Access-Token is a response header pattern.

*Edit** Given our conversation below, you can use Middleware and Middleware priority to dictate which runs first, observe requests that have an X-Access-Token and use addHeader to convert the value of that header to authorization:

php artisan make:middleware AuthorizationToolMiddleware

Then in the handle function:

public function handle($request, Closure $next)
{

    $request->headers->set('Authorization', $request->headers->get('X-Access-Token'));

    return $next($request);
}

This middleware should execute before other middleware in order to ensure the headers are set by the time that passport handles the request.