Solved thread

This post is marked as solved. If you think the information contained on this thread must be part of the official documentation, please contribute submitting a pull request to its repository.

Bearer Authentication Not being recognaized

In Phalcon full application (MVC), I tried to send a Bearer token in the request headers but I can't see it in the request headers when using $this->request->getHeaders() in any controller.

Example:

GET /endpoint HTTP/1.1
Host: phalcon.local
Accept: application/json
Authorization: Bearer 6b02a3b092cadf34e1b9a84c01ab896ff3a7e7d1
Cache-Control: no-cache
Postman-Token: d0d06ce8-ac32-4693-ac33-24740d600917

And when dumping the request headers:

array (size=8)
  'Accept' => string 'application/json' (length=16)
  'Cache-Control' => string 'no-cache' (length=8)
  'Postman-Token' => string '3cacdf05-58e3-437d-8d11-07905d242578' (length=36)
  'User-Agent' => string 'PostmanRuntime/7.2.0' (length=20)
  'Host' => string 'phalcon.local' (length=13)
  'Cookie' => string 'PHPSESSID=1dd71b8647eedb126b05f252c1828d0e' (length=42)
  'Accept-Encoding' => string 'gzip, deflate' (length=13)
  'Connection' => string 'keep-alive' (length=10)

Any clue ?



2.7k
Accepted
answer
edited 15d ago

The problem is in application server itself (Apache2), it does not accept "Authorization" header in request. To solve this, just add

SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1

in /etc/apache/apache2.conf