All geek questions in one place

JWT: How to send authorization in the header?

I am using JWT ( https://github.com/tymondesigns/jwt-auth ) to create session tokens in my API.

I made all the appropriate settings to work as author documentation.

After connecting the session, I use the URL to return the data of my categories. When I pass the token directly in the url, it works. As below:

http://api.domain.com/categories?token=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwOlwvXC9kZXYuaW1pYXZpcFwvYXBpXC9hdXRoXC9hdXRoZW50aWNhdGUiLCJzdWIiOiIxIiwiaWF0IjoxNDIxODQyMzU4LCJleHAiOjE0MjE5Mjg3NTh9.-nqKoARKc2t1bI2j5KFEP_zRU8KCki_dghKe6dtAedY

Only I need to pass the token in my request in the header using an authentication identifier. But does not work. See how I'm worried:

 Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwOlwvXC9kZXYuaW1pYXZpcFwvYXBpXC9hdXRoXC9hdXRoZW50aWNhdGUiLCJzdWIiOiIxIiwiaWF0IjoxNDIxODQyMzU4LCJleHAiOjE0MjE5Mjg3NTh9.-nqKoARKc2t1bI2j5KFEP_zRU8KCki_dghKe6dtAedY

What could be wrong?

The JWT documentation mentions the use of the form I spent above. But does not work.

+6
source share
2 answers

If you are using Apache, then the headers will probably not work, due to this known issue in Symfony

You will need to add the following to your virtual host, if so:

 RewriteEngine On RewriteCond %{HTTP:Authorization} ^(.*) RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
+4
source

Please make sure you have a line under your server code (server side). This is for PHP.

 header('Access-Control-Allow-Headers: Origin, Content-Type, Accept, Authorization');

Please note that using the line above we enable the "Authorization" header.

Once you have the server side add-on code you can use below (if you are coding in php) to get all the headers in the array.

 getallheaders();
0
source

Source: https://habr.com/ru/post/982905/

More articles:


All Articles