yannis

Reputation: 395

How to read the OAuth request parameters with PHP?

I'm trying to connect an iPhone app to a PHP API using 2-legged OAuth as the Authentication mechanism. I'm using the PHP and Objective-C 2.0 libraries from http://code.google.com/p/oauth/ . The problem is that when I'm trying to issue a GET request with Objective-C, it doesn't include the OAuth parameters in the request URI, like the PHP library does when issuing an OAuth GET request:

http://www.mysite.com/oauth/index.php?oauth_consumer_key=key&oauth_nonce=XXXXXXXX&oauth_signature=XXXXXXXXXXX%3D&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1309863754&oauth_version=1.0

Instead it puts the OAuth parameters in an Authorization header:

Authorization: OAuth realm="", oauth_consumer_key="XXXXX", oauth_token="XXXX-XXXX",
oauth_signature_method="HMAC-SHA1", oauth_signature="XXXXXXXX", 
oauth_timestamp="1309863855", oauth_nonce="XXXX-XXX-XX-XX-XXXXXXX", oauth_version="1.0"

I suppose that both ways are equally valid for the OAuth specs, right?

What's the best way I can read the Authorization header with PHP?

Upvotes: 1

Views: 2999

Answers (1)

hakre

Reputation: 197765

I suppose that both ways are equally valid for the OAuth specs, right?

Yes, right.

What's the best way I can read the Authorization header with PHP?

Request headers in PHP are stored in the $_SERVER superglobal array, each header as an entry of its own: $_SERVER['HTTP_AUTHORIZATION'] most probably in your case, just do

var_dump($_SERVER);

and look for the info. Detailed information on how PHP deals with the HTTP request.

Authorization header missing in PHP

Unfortunately the Authorization header is filtered by PHP(?), so it's not part of $_SERVER.

Workaround: apache_request_headers()

When using PHP as an Apache module, a workaround is to use the apache_request_headers() function to retrieve all request headers.

Workaround: mod_rewrite

For F/CGI a workaround is to set the Authorization header with Mod_Rewrite into an environment variable that mimics PHP's scheme converting HTTP request headers:

RewriteEngine on
RewriteCond %{HTTP:Authorization} ^(.*)$ [NC]
RewriteRule .* - [E=HTTP_AUTHORIZATION:%1]

The mod_rewrite solution should work for PHP running with mod_php as well. Hat tip Jon Nylander.

Upvotes: 8
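
The answer's three sources for the header, combined into one lookup and followed by a parser for the OAuth parameters, as an added example that is not part of the original answer. The function names are hypothetical, the sample header is constructed, and the REDIRECT_HTTP_AUTHORIZATION key is an assumption about setups where Apache performs an internal redirect after the rewrite rule has set the variable.

```php
<?php
// Added example; function names are hypothetical, not from the OAuth library.

function find_authorization_header(array $server): ?string
{
    // Set by PHP directly, or by the mod_rewrite rule (E=HTTP_AUTHORIZATION).
    // Assumption: after an internal redirect Apache prefixes it with REDIRECT_.
    foreach (['HTTP_AUTHORIZATION', 'REDIRECT_HTTP_AUTHORIZATION'] as $key) {
        if (!empty($server[$key])) {
            return trim($server[$key]);
        }
    }
    // Apache module fallback; header names are case-insensitive.
    if (function_exists('apache_request_headers')) {
        foreach (apache_request_headers() ?: [] as $name => $value) {
            if (strcasecmp($name, 'Authorization') === 0) {
                return trim($value);
            }
        }
    }
    return null;
}

function parse_oauth_header(string $header): array
{
    if (stripos($header, 'OAuth ') !== 0) {
        return []; // some other scheme, e.g. Basic
    }
    preg_match_all('/([A-Za-z_]+)="([^"]*)"/', substr($header, 6), $pairs, PREG_SET_ORDER);
    $params = [];
    foreach ($pairs as $pair) {
        $name = $pair[1];
        if ($name === 'realm') {
            continue; // realm is not a protocol parameter and is not signed
        }
        if (isset($params[$name])) {
            // OAuth 1.0 allows each parameter only once per request.
            throw new InvalidArgumentException("duplicate parameter: $name");
        }
        $params[$name] = rawurldecode($pair[2]); // header values are percent-encoded
    }
    return $params;
}

// Constructed sample standing in for $_SERVER after the rewrite rule has run.
$server = ['HTTP_AUTHORIZATION' => 'OAuth realm="", oauth_consumer_key="key", '
    . 'oauth_signature_method="HMAC-SHA1", oauth_signature="c2ln%3D", '
    . 'oauth_timestamp="1309863855", oauth_nonce="n-1", oauth_version="1.0"'];
var_dump(parse_oauth_header(find_authorization_header($server) ?? ''));
```

The parsed values still have to go through the library's signature, timestamp and nonce checks; parsing the header authenticates nothing by itself.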
