php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Doc Bug #72915 *Only* basic and digest authentication supported
Submitted: 2016-08-21 21:02 UTC Modified: 2021-11-02 17:22 UTC
Votes:9
Avg. Score:4.2 ± 0.9
Reproduced:8 of 8 (100.0%)
Same Version:2 (25.0%)
Same OS:2 (25.0%)
From: cpuidle at gmx dot de Assigned: cmb (profile)
Status: Closed Package: *Web Server problem
PHP Version: 7.0.10 OS: OSX
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: cpuidle at gmx dot de
New email:
PHP Version: OS:

 

 [2016-08-21 21:02 UTC] cpuidle at gmx dot de 
Description:
------------
echo $_SERVER['HTTP_AUTHORIZATION']

Test script:
---------------
curl --header "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE0NzE4MDMwNjYsImV4cCI6MTQ3MTg4OTQ2Niwic3ViIjoidXNlciJ9.1JSvKan_gh5nV6wsLBbmZ0KrO9NKhHX7ktcmzxgtMHM" http://localhost/test.php

Expected result:
----------------
Show authorization header

Actual result:
--------------
$_SERVER['HTTP_AUTHORIZATION'] not present

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2016-08-26 07:17 UTC] cpuidle at gmx dot de
-Summary: HTTP_AUTORIZATION header missing when php module is used +Summary: HTTP_AUTORIZATION header missing for Bearer Auth when using apache module
 [2016-08-26 07:17 UTC] cpuidle at gmx dot de 
To be clear: the $_SERVER['HTTP_AUTHORIZATION'] variable is empty while apache_request_headers() shows that the Authorization header is indeed present. 

It doesn't seem to get picked up by PHP, but why?
 [2016-08-26 07:34 UTC] cpuidle at gmx dot de 
Looking at https://github.com/php/php-src/blob/9fc0a5e049ade8082b2b9a45687ac8cbd694f731/main/main.c#L2615 it seems that PHP _only_ supports Basic and Digest authorization and nothing else.
 [2021-11-02 17:22 UTC] cmb@php.net
-Summary: HTTP_AUTORIZATION header missing for Bearer Auth when using apache module +Summary: *Only* basic and digest authentication supported -Status: Open +Status: Verified -Type: Bug +Type: Documentation Problem -Package: Apache2 related +Package: *Web Server problem -Assigned To: +Assigned To: cmb
 [2021-11-02 17:22 UTC] cmb@php.net 
> […] it seems that PHP _only_ supports Basic and Digest
> authorization and nothing else.

Right; regardless of the SAPI.  The manual, apparently a bit
outdated, claims[1]:

| Both "Basic" and "Digest" authentication methods are supported.

Use the oauth extension for bearer authentication (or a PHP
library, or roll your own :).

[1] <https://www.php.net/manual/en/features.http-auth.php>
 [2021-11-02 17:27 UTC] git@php.net 
Automatic comment on behalf of cmb69
Revision: https://github.com/php/doc-en/commit/2d1981cc3003cd94f5fb88e0473eed2c5b26efde
Log: Fix #72915: *Only* basic and digest authentication supported
 [2021-11-02 17:27 UTC] git@php.net
-Status: Verified +Status: Closed
 [2021-11-03 09:59 UTC] git@php.net 
Automatic comment on behalf of sy-records (author) and web-flow (committer)
Revision: https://github.com/php/doc-zh/commit/8576a1ea3a5eb1a14fac35b28a8eff2fd0faba21
Log: Fix #72915: *Only* basic and digest authentication supported (#108)
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Sun Dec 22 11:01:30 2024 UTC