lumen-api-oauth
'Request resource' returns 400
So after some fiddling around I got the whole login to work. An Object like
Object {accessToken: "VlDpwd74kP8Tsa5tpQ3X6cTAXb222gIqOCSaoWAO", accessTokenExpiration: 3600}
is returned! :-) But clicking "Request resource" immediately returns an error 400 - which also alerts "Since we did not send an access token we get client error". I do not understand. jQOAuth is implemented correctly (I think) but it seems like it does not work properly - meaning, it does not set the appropriate headers when trying to GET /api/resource, thus a 400 is returned.
The response:
"The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. Check the "access token" parameter."
I tried replacing the route group with this:
$app->get('api/resource', function() {
    return app()->make('request')->header();
});
Weird thing is: all the headers sent with the request show up, EXCEPT the Authorization header. Why is that?
Please also see my post here for more details! Thanks a bunch! :-)
Any ideas on this?
Did you check it with poster or postman like this -
http://yoursite.com/index.php/api/resource?access_token=your-token-here
Method - GET
Hi! Yes I tried that and it works just fine! But I really would like to rely on the Auth header as it is way cleaner. But still - the header does not work and I really have no idea why. Details on what I have already tried, please check HERE! Any ideas?
I'm having the same issue and I would like to keep using the Authorization header.
OK I found the issue here.
So basically, we use this to fetch the header:
$this->getRequest()->headers->get('Authorization')
Which is fine in most cases, except this one. I logged the following value like this:
error_log(print_r(getallheaders(), true));
And the output is like this:
[25-Oct-2015 09:56:50 UTC] Array
(
[Host] => localhost
[Connection] => keep-alive
[User-Agent] => Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.80 Safari/537.36
[Accept] => */*
[X-CSRF-Token] => null
[Authorization] => Bearer OV5RD0Eadc5WazTs36QuO08tCh5fxmv5vOs4q3RH
[X-Requested-With] => XMLHttpRequest
[Referer] => http://localhost/api/public/
[Accept-Encoding] => gzip, deflate, sdch
[Accept-Language] => en-US,en;q=0.8,de;q=0.6,sq;q=0.4,sr;q=0.2
[Cookie] => refreshToken=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%3D
)
Why would Lumen not take the Authorization header?
EDIT
Just made an external little application to invoke my API and I get this error now:
XMLHttpRequest cannot load http://localhost/api/public/login. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:3000' is therefore not allowed access.
I think I have some major glitch somewhere. Help would be appreciated.
I fixed this problem. Simply add the following to your public/.htaccess after RewriteEngine On:
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
@dugajean's solution fixed the same issue for me with no other action required.
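The symptom in this thread, where getallheaders() lists Authorization but the request object does not, can be checked server-side with a small lookup over the places the header value can land. This is an added example, not code from the thread or from lumen-api-oauth; bearerTokenFromServer() is a hypothetical helper name, the sample token is constructed, and the REDIRECT_HTTP_AUTHORIZATION key assumes Apache's usual REDIRECT_ prefix on environment variables after an internal redirect.

```php
<?php
declare(strict_types=1);

/**
 * Added example (hypothetical helper, not part of lumen-api-oauth).
 * Returns the bearer token from the server variables or raw headers, or null.
 */
function bearerTokenFromServer(array $server, array $rawHeaders = []): ?string
{
    $candidates = [
        // Populated by the RewriteRule [E=HTTP_AUTHORIZATION:...] shown in the thread.
        $server['HTTP_AUTHORIZATION'] ?? null,
        // Assumption: Apache renamed the variable after an internal redirect.
        $server['REDIRECT_HTTP_AUTHORIZATION'] ?? null,
    ];

    // getallheaders() keeps the client's casing, so match the name case-insensitively.
    foreach ($rawHeaders as $name => $value) {
        if (strcasecmp((string) $name, 'Authorization') === 0) {
            $candidates[] = $value;
        }
    }

    foreach ($candidates as $value) {
        // Accept only "Bearer <token>" made of RFC 6750 token characters;
        // anything else (Basic credentials, empty value) is rejected.
        if (is_string($value)
            && preg_match('/^Bearer\s+([A-Za-z0-9\-._~+\/]+=*)$/i', trim($value), $m) === 1) {
            return $m[1];
        }
    }

    return null;
}

// Constructed sample inputs; the token value is made up.
$withoutFix = ['REQUEST_METHOD' => 'GET'];  // header never reached $_SERVER
$withFix    = ['HTTP_AUTHORIZATION' => 'Bearer constructedSampleToken123'];
$rawOnly    = ['authorization' => 'Bearer constructedSampleToken123'];

var_dump(bearerTokenFromServer($withoutFix));            // nothing to read
var_dump(bearerTokenFromServer($withFix));               // token from the rewrite rule
var_dump(bearerTokenFromServer($withoutFix, $rawOnly));  // token only in raw headers
```

In a live request the call would be `bearerTokenFromServer($_SERVER, function_exists('getallheaders') ? getallheaders() : [])`; a null result for the first argument alone while the second yields a token reproduces the mismatch described above.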