CakePHP 4 Auth token

After deploying my app on the production server token authentication seems to fail.

The application is a REST API with a vuejs frontend.

The users can log in via login form and gets back an auth token. All later API calls authenticated with the token what is sent out in a header. On localhost everything work expected.

However at the production server token authentication fails, I get “no identity found” error.

Any idea what can cause this?

It seems Apache swallowed the Authentication header, so it never reached my application.

To fix copy these lines into .htaccess and webroot/.htaccess

# Apache may swallow Authorization header
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]

you just saved me hours, thanks!