CakePHP 3 + JWT + Xampp: Unable to read HTTP Authorization Bearer Token


#1

I’m designing this CakePHP 3 application using ADmad’s CakePHP JWT Auth plugin and Bravo Kernel’s tutorial.

I’ve followed the example and am able to generate the tokens by calling the token() method.

However, when I post requests back using the token in form of Authorization Bearer xxx included in the headers, CakePHP is not able to read it.

If I log the $request var, I see…

[_environment:protected] => Array
    (
        [REDIRECT_REDIRECT_HTTP_AUTHORIZATION] => Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJkZTUyYTIxZC02Nzk1LTRlZTgtYjFhYi1mYmY1N2M4OTQxNDAiLCJleHAiOjE1MTAzMDQxNTZ9.GeO-UACG491JsACeWqXYGasISBTRc7g74wVQjde-gYY
        [REDIRECT_REDIRECT_MIBDIRS] => D:/xampp7/php/extras/mibs
        [REDIRECT_REDIRECT_MYSQL_HOME] => \xampp\mysql\bin
        [REDIRECT_REDIRECT_OPENSSL_CONF] => D:/xampp7/apache/bin/openssl.cnf
        [REDIRECT_REDIRECT_PHP_PEAR_SYSCONF_DIR] => \xampp\php


        [REQUEST_URI] => /api/requesters/load-user-details.json
        [SCRIPT_NAME] => /api/webroot/index.php
        [PHP_SELF] => /api/webroot/index.php
        [REQUEST_TIME_FLOAT] => 1509704194.57
        [REQUEST_TIME] => 1509704194
        [HTTP_AUTHORIZATION] => Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJkZTUyYTIxZC02Nzk1LTRlZTgtYjFhYi1mYmY1N2M4OTQxNDAiLCJleHAiOjE1MTAzMDQxNTZ9.GeO-UACG491JsACeWqXYGasISBTRc7g74wVQjde-gYY
        [ORIGINAL_REQUEST_METHOD] => GET
        [HTTP_X_REQUESTED_WITH] => 

As per Bravo Kernel’s tutorial / ADmad’s explanation, I’ve added the following lines in .htaccess to ensure Apache passes on the token…

RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]

The token appears to be included in the headers … but the plugin still keeps outputting …

{
    "message": "You are not authorized to access that location.",
    "url": "/requesters/load-user-details.json",
    "code": 401,
}

Has anyone encountered this issue and know of a potential fix?

Thank you.