Reputation: 694
How to get AUTHORIZATION header value?
I am trying to obtain a Bearer Token from a custom API I am developing. When I am requesting my API, I am setting this header information with this info:
'Content-Type': 'application/json',
'Accept': 'application/json',
'Authorization': 'Bearer 1234567890abcdefghijklmnopqrstuvwkyz'
I can view my requested headers through Chrome and it shows me:
Accept: application/json
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9,fr-CA;q=0.8,fr;q=0.7
Authorization: Bearer 1234567890abcdefghijklmnopqrstuvwkyz
Connection: keep-alive
Content-Type: application/json
Host: api.localhost.dev
Origin: http://localhost:8100
Referer: http://localhost:8100
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36
However, when I try and get the header value for through the $_SERVER['HTTP_AUTHORIZATION'] or $_SERVER['Authorization'] variable, there is no information.
EDIT:
I have also tried adding these to my .htaccess with no luck, either:
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1]
</IfModule>
And
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule .* - [e=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
</IfModule>
And
CGIPassAuth On
Here is a quick rundown of my server set-up:
PHP 7.3.11 CGI/FastCGI
Server version: Apache/2.4.7 (Ubuntu)
Linux 4.9.159-vs2.3.9.8-vs+ x86_64
Is there a different way I can get the 'Authorization': 'Bearer 1234567890abcdefghijklmnopqrstuvwkyz' that is being sent through the header?
Upvotes: 5
Views: 9812
Answers (1)
Reputation: 477
Check out https://www.php.net/manual/en/function.getallheaders.php
Returns: An associative array of all the HTTP headers in the current request, or FALSE on failure.
With getallheaders(), you can retrieve the request headers, and access them via an associative array:
<?php
$headers = getallheaders();
if (in_array('Authorization', $headers)) {
echo $headers['Authorization'];
}
You can also add the following to your .htaccess file:
RewriteEngine On
RewriteRule .* - [e=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
This should then make the following available for you:
$_SERVER['HTTP_AUTHORIZATION'];
Upvotes: 8
Related Questions
- Fetching custom Authorization header from incoming PHP request
- How to know if user authorized by request header
- Get Header Authorization key in laravel controller?
- How to get the Authorization header from request in wordpress
- How to attach authorization header via PHP?
- How to fetch Authorization from page header?
- HTTP header authorization using PHP
- PHP - retrieve token from header
- PHP - Header authorization request
- Authorization header and apache_request_headers function