Fetching custom Authorization header from incoming PHP request

Question

So I\'m trying to parse an incoming request in PHP which has the following header set:

Authorization: Custom Username

Simple question: how

Answer 1

Just use:

$headers = apache_request_headers();
$token = $headers['token'];

Answer 2

For background, why Apache filters away the Authorization header: https://stackoverflow.com/a/17490827

Solutions depending on which Apache module is used to pass the request to the application:

mod_wsgi, mod_fcgid:

• https://stackoverflow.com/a/30310338

cgi:

• https://stackoverflow.com/a/38175451

Other hacks - massaging the headers in this question:

• Request headers bag is missing Authorization header in Symfony 2?

• Apache 2.4 + PHP-FPM and Authorization headers

Answer 3

Add this code into your .htaccess

RewriteEngine On
RewriteRule .* - [e=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

Pass your header like Authorization: {auth_code} and finally you get the Authorization code by using $_SERVER['HTTP_AUTHORIZATION']

Note: The above one is for apache, if you're using the nginx you don't need to update anything. you can get the value easily in nginx like:

if you are passing authorization key, you can get the key value by just putting the $_SERVER['HTTP_AUTHORIZATION']. just add HTTP_ as the prefix in $_SERVER for get anything like

postman_token => HTTP_POSTMAN_TOKEN
test_key => HTTP_TEST_KEY

Answer 4

If you're only going to use Apache you might want to have a look at apache_request_headers().

Answer 5

For token based auth:

  $token = null;
  $headers = apache_request_headers();
  if(isset($headers['Authorization'])){
    $matches = array();
    preg_match('/Token token="(.*)"/', $headers['Authorization'], $matches);
    if(isset($matches[1])){
      $token = $matches[1];
    }
  }