From 44f51bfc1c754d26311040780d89546f269e2ca9 Mon Sep 17 00:00:00 2001
From: Phil Sturgeon
Date: Wed, 26 Feb 2014 17:27:56 -0500
Subject: [PATCH] Support Authorization header passed as ENV var

Some hosts (at this point I only know of Fortrabbit) require Authorization headers to be passed as an environment variable, which PHP will then shove into . See more: http://fortrabbit.com/docs/essentials/quirks-and-constraints\#authorization-header
---
 src/League/OAuth2/Server/Resource.php | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)
diff --git a/src/League/OAuth2/Server/Resource.php b/src/League/OAuth2/Server/Resource.php
index 49f149ee..13108da2 100644
--- a/src/League/OAuth2/Server/Resource.php
+++ b/src/League/OAuth2/Server/Resource.php
@@ -183,7 +183,7 @@ class Resource
 $result = $this->storages['session']->validateAccessToken($accessToken);
- if ( ! $result) {
+ if (! $result) {
 throw new Exception\InvalidAccessTokenException('Access token is not valid');
 }
@@ -225,7 +225,7 @@ class Resource
 return false;
 } elseif (is_array($scopes)) {
 foreach ($scopes as $scope) {
- if ( ! in_array($scope, $this->sessionScopes)) {
+ if (! in_array($scope, $this->sessionScopes)) {
 return false;
 }
 }
@@ -244,7 +244,15 @@ class Resource
 */
 protected function determineAccessToken($headersOnly = false)
 {
- if ($header = $this->getRequest()->header('Authorization')) {
+ // Try to get it directly from a header
+ if (! $header = $this->getRequest()->header('Authorization')) {
+
+ // Failing that try getting it from a server variable
+ $header = $this->getRequest()->server('HTTP_AUTHORIZATION');
+ }
+
+ // One of them worked
+ if ($header) {
 // Check for special case, because cURL sometimes does an
 // internal second request and doubles the authorization header,
 // which always resulted in an error.
@@ -269,5 +277,4 @@ class Resource
 return $accessToken;
 }
-
 }
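Review bot: The new fallback in `determineAccessToken` (hunk at -244,7) treats `server('HTTP_AUTHORIZATION')` as equivalent to the client's Authorization header, but nothing in the code records when that is safe. The value is only a per-request credential if the host copies it from the incoming header; if it were ever set as a fixed value in the environment, every request would presumably present the same token, so I would add a comment such as `// HTTP_AUTHORIZATION must be populated per request from the client's header, never set as a static env value`. The negated assignment in `if (! $header = ...)` is also easy to misread; `$header = $this->getRequest()->header('Authorization') ?: $this->getRequest()->server('HTTP_AUTHORIZATION');` expresses the same fallback in one line. The rest of the function, including how the header value is parsed into a token, lies outside this hunk.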