Support Authorization header passed as ENV var
Some hosts (at this point I only know of Fortrabbit) require Authorization headers to be passed as an environment variable, which PHP will then shove into `$_SERVER` (as `HTTP_AUTHORIZATION`). See more: http://fortrabbit.com/docs/essentials/quirks-and-constraints#authorization-header
parent
8556f616d3
commit
f83a9a7fa4
@ -185,7 +185,7 @@ class Resource
|
|||||||
|
|
||||||
$result = $this->storages['session']->validateAccessToken($accessToken);
|
$result = $this->storages['session']->validateAccessToken($accessToken);
|
||||||
|
|
||||||
if ( ! $result) {
|
if (! $result) {
|
||||||
throw new Exception\InvalidAccessTokenException('Access token is not valid');
|
throw new Exception\InvalidAccessTokenException('Access token is not valid');
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -227,7 +227,7 @@ class Resource
|
|||||||
return false;
|
return false;
|
||||||
} elseif (is_array($scopes)) {
|
} elseif (is_array($scopes)) {
|
||||||
foreach ($scopes as $scope) {
|
foreach ($scopes as $scope) {
|
||||||
if ( ! in_array($scope, $this->sessionScopes)) {
|
if (! in_array($scope, $this->sessionScopes)) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -246,7 +246,15 @@ class Resource
|
|||||||
*/
|
*/
|
||||||
public function determineAccessToken($headersOnly = false)
|
public function determineAccessToken($headersOnly = false)
|
||||||
{
|
{
|
||||||
if ($header = $this->getRequest()->header('Authorization')) {
|
// Try to get it directly from a header
|
||||||
|
if (! $header = $this->getRequest()->header('Authorization')) {
|
||||||
|
|
||||||
|
// Failing that try getting it from a server variable
|
||||||
|
$header = $this->getRequest()->server('HTTP_AUTHORIZATION');
|
||||||
|
}
|
||||||
|
|
||||||
|
// One of them worked
|
||||||
|
if ($header) {
|
||||||
// Check for special case, because cURL sometimes does an
|
// Check for special case, because cURL sometimes does an
|
||||||
// internal second request and doubles the authorization header,
|
// internal second request and doubles the authorization header,
|
||||||
// which always resulted in an error.
|
// which always resulted in an error.
|
||||||
@ -271,5 +279,4 @@ class Resource
|
|||||||
|
|
||||||
return $accessToken;
|
return $accessToken;
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
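Review bot: The new fallback in the determineAccessToken hunk reads only `HTTP_AUTHORIZATION`, so setups that expose the header under another server key are still not covered. Apache behind mod_rewrite or CGI commonly delivers it as `REDIRECT_HTTP_AUTHORIZATION`; if such hosts are in scope, and assuming `server()` returns a falsy value for a missing key, the fallback could be `$header = $this->getRequest()->server('HTTP_AUTHORIZATION') ?: $this->getRequest()->server('REDIRECT_HTTP_AUTHORIZATION');`. The negated assignment in `if (! $header = $this->getRequest()->header('Authorization'))` is easy to misread as a comparison; assigning first and then testing `if (! $header) {` reads more clearly. The comment should say why the server variable is consulted and that the value is still client-supplied, e.g. `// Some hosts expose the Authorization header only as a server variable; treat it as untrusted request input`. The rest of the function body, including the parsing of `$header`, lies outside the hunk.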