I’m designing this CakePHP 3 application using ADmad’s CakePHP JWT Auth plugin and Bravo Kernel’s tutorial.
I’ve followed the example and am able to generate the tokens by calling the token() method.
However, when I post requests back using the token in the form of Authorization Bearer xxx included in the headers, CakePHP is not able to read it.
If I log the $request var, I see…
[_environment:protected] => Array
(
[REDIRECT_REDIRECT_HTTP_AUTHORIZATION] => Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJkZTUyYTIxZC02Nzk1LTRlZTgtYjFhYi1mYmY1N2M4OTQxNDAiLCJleHAiOjE1MTAzMDQxNTZ9.GeO-UACG491JsACeWqXYGasISBTRc7g74wVQjde-gYY
[REDIRECT_REDIRECT_MIBDIRS] => D:/xampp7/php/extras/mibs
[REDIRECT_REDIRECT_MYSQL_HOME] => \xampp\mysql\bin
[REDIRECT_REDIRECT_OPENSSL_CONF] => D:/xampp7/apache/bin/openssl.cnf
[REDIRECT_REDIRECT_PHP_PEAR_SYSCONF_DIR] => \xampp\php
…
…
[REQUEST_URI] => /api/requesters/load-user-details.json
[SCRIPT_NAME] => /api/webroot/index.php
[PHP_SELF] => /api/webroot/index.php
[REQUEST_TIME_FLOAT] => 1509704194.57
[REQUEST_TIME] => 1509704194
[HTTP_AUTHORIZATION] => Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJkZTUyYTIxZC02Nzk1LTRlZTgtYjFhYi1mYmY1N2M4OTQxNDAiLCJleHAiOjE1MTAzMDQxNTZ9.GeO-UACG491JsACeWqXYGasISBTRc7g74wVQjde-gYY
[ORIGINAL_REQUEST_METHOD] => GET
[HTTP_X_REQUESTED_WITH] =>
As per Bravo Kernel’s tutorial / ADmad’s explanation, I’ve added the following lines in .htaccess to ensure Apache passes on the token…
RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
The token appears to be included in the headers … but the plugin still keeps outputting …
{
"message": "You are not authorized to access that location.",
"url": "/requesters/load-user-details.json",
"code": 401,
}
Has anyone encountered this issue and know of a potential fix?
Thank you.
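A diagnostic for the situation described in this post, as an added example that is not part of the original post and not code from the plugin or the tutorial: it locates the Bearer token among the HTTP_AUTHORIZATION and REDIRECT_-prefixed keys shown in the dump, decodes its claims, and compares exp with REQUEST_TIME. The function names and the optional $secret parameter are hypothetical, and PHP 7.1 or later is assumed.

```php
<?php
// Added diagnostic sketch, not the plugin's code; $secret is a placeholder parameter.
// Return the first env key carrying a Bearer token. Apache's mod_rewrite
// prepends REDIRECT_ to variables on each internal redirect.
function findBearerToken(array $env): ?array
{
    foreach ($env as $key => $value) {
        if (preg_match('/^(REDIRECT_)*HTTP_AUTHORIZATION$/', $key)
            && preg_match('/^Bearer\s+(\S+)$/i', trim((string)$value), $m)) {
            return ['key' => $key, 'token' => $m[1]];
        }
    }
    return null;
}

// Decode one base64url JWT segment (URL-safe alphabet, padding stripped).
function b64urlDecode(string $segment): string
{
    $padded = str_pad($segment, strlen($segment) + (4 - strlen($segment) % 4) % 4, '=');
    return (string)base64_decode(strtr($padded, '-_', '+/'), true);
}

// Decode the claims and, if a secret is supplied, check the HS256 signature.
function inspectJwt(string $token, int $now, ?string $secret = null): array
{
    $parts = explode('.', $token);
    if (count($parts) !== 3) {
        return ['error' => 'token does not have three segments'];
    }
    [$h, $p, $sig] = $parts;
    $header = json_decode(b64urlDecode($h), true);
    $claims = json_decode(b64urlDecode($p), true);
    if (!is_array($header) || !is_array($claims)) {
        return ['error' => 'header or payload is not valid JSON'];
    }
    $result = ['alg' => $header['alg'] ?? null, 'claims' => $claims];
    $result['expired'] = isset($claims['exp']) && $now >= (int)$claims['exp'];
    if ($secret !== null && $result['alg'] === 'HS256') {
        $expected = hash_hmac('sha256', "$h.$p", $secret, true);
        $result['signature_ok'] = hash_equals($expected, b64urlDecode($sig));
    }
    return $result;
}

// Values copied from the dump in the post.
$bearer = 'Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJkZTUyYTIxZC02Nzk1LTRlZTgtYjFhYi1mYmY1N2M4OTQxNDAiLCJleHAiOjE1MTAzMDQxNTZ9.GeO-UACG491JsACeWqXYGasISBTRc7g74wVQjde-gYY';
$env = ['REQUEST_TIME' => 1509704194, 'HTTP_AUTHORIZATION' => $bearer];
$found = findBearerToken($env);
print_r($found === null ? 'no bearer token in environment' : inspectJwt($found['token'], $env['REQUEST_TIME']));
```

Passing the secret the application signs tokens with as the third argument adds a signature_ok entry to the result.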