Tagged 2.1.2.

Support Authorization header passed as ENV var
Some hosts (at this point I only know of Fortrabbit) require Authorization headers to be passed as an environment variable, which PHP will then shove into . See more: http://fortrabbit.com/docs/essentials/quirks-and-constraints\#authorization-header
2025-05-31 14:12:07 +05:30 · 2014-05-13 15:08:41 +01:00 · 2014-05-13 15:07:44 +01:00
2 changed files with 12 additions and 5 deletions
--- a/composer.json
+++ b/composer.json
@@ -1,7 +1,7 @@
 {
 	"name": "league/oauth2-server",
 	"description": "A lightweight and powerful OAuth 2.0 authorization and resource server library with support for all the core specification grants. This library will allow you to secure your API with OAuth and allow your applications users to approve apps that want to access their data from your API.",
-	"version": "2.1.1",
+	"version": "2.1.2",
 	"homepage": "https://github.com/php-loep/oauth2-server",
 	"license": "MIT",
 	"require": {
--- a/src/League/OAuth2/Server/Resource.php
+++ b/src/League/OAuth2/Server/Resource.php
@@ -183,7 +183,7 @@ class Resource

        $result = $this->storages['session']->validateAccessToken($accessToken);

-        if ( ! $result) {
+        if (! $result) {
            throw new Exception\InvalidAccessTokenException('Access token is not valid');
        }

@@ -225,7 +225,7 @@ class Resource
            return false;
        } elseif (is_array($scopes)) {
            foreach ($scopes as $scope) {
-                if ( ! in_array($scope, $this->sessionScopes)) {
+                if (! in_array($scope, $this->sessionScopes)) {
                    return false;
                }
            }
@@ -244,7 +244,15 @@ class Resource
     */
    protected function determineAccessToken($headersOnly = false)
    {
-        if ($header = $this->getRequest()->header('Authorization')) {
+        // Try to get it directly from a header
+        if (! $header = $this->getRequest()->header('Authorization')) {
+
+            // Failing that try getting it from a server variable
+            $header = $this->getRequest()->server('HTTP_AUTHORIZATION');
+        }
+
+        // One of them worked
+        if ($header) {
            // Check for special case, because cURL sometimes does an
            // internal second request and doubles the authorization header,
            // which always resulted in an error.
@@ -269,5 +277,4 @@ class Resource

        return $accessToken;
    }
-
 }