使用Authorization标头而不是access_token

时间:2014-05-21 18:43:46

标签: symfony fosrestbundle fosoauthserverbundle

尝试执行时使用rest client extensino:

http://api.domain.com/app_dev.php/api/1.0/resource/get?id=1

请求标题:

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.137 Safari/537.36
Authorization: Bearer %TOKEN%
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8,ar;q=0.6
Cookie: __cfduid=db9759a3f1a39eb02d8daa62ef240c1031392572386844; _ga=GA1.2.972638156.1393664034; PHPSESSID=c15c8de4a1ee3a957274d4328448ff37

返回

{"error":"access_denied","error_description":"OAuth2 authentication required"}

但是当我尝试在查询字符串中传递access_token时 http://api.domain.com/app_dev.php/api/1.0/resource/get?id=1&access_token=%TOKEN%

我正在使用Symfony2,FOSRestBundle& NelmioCorsBundle,这就是我的config.yml看起来像

fos_rest:
    param_fetcher_listener: true
    body_listener: true
    format_listener: true
    view:
        view_response_listener: 'force'
        formats:
            xml: true
            json : true
        templating_formats:
            html: true
        force_redirects:
            html: true
        failed_validation: HTTP_BAD_REQUEST
        default_engine: php
    routing_loader:
        default_format: json

fos_oauth_server:
    db_driver: orm       
    client_class:        MyApp\ApiBundle\Entity\Client
    access_token_class:  MyApp\ApiBundle\Entity\AccessToken
    refresh_token_class: MyApp\ApiBundle\Entity\RefreshToken
    auth_code_class:     MyApp\ApiBundle\Entity\AuthCode  
    service:
        user_provider: fos_user.user_manager
        options:
          # Changing tokens and authcode lifetime
            access_token_lifetime: 300000000
            refresh_token_lifetime: 300000000
            auth_code_lifetime: 30

nelmio_cors:
    defaults:
        allow_credentials: false
        allow_origin: ['*']
        allow_headers: ['*']
        allow_methods: []
        expose_headers: []
        max_age: 0
        hosts: []
    paths:
        '^/api/':
            allow_origin: ['*']
            allow_headers: ['X-Custom-Auth']
            allow_methods: ['POST', 'PUT', 'GET', 'DELETE']
            max_age: 3600
        '^/':
            allow_origin: ['*']
            allow_headers: ['X-Custom-Auth']
            allow_methods: ['POST', 'PUT', 'GET', 'DELETE']
            max_age: 3600
            hosts: ['^api\.']    

1 个答案:

答案 0 :(得分:1)

遇到了同样的问题。

添加

RewriteEngine On RewriteCond %{HTTP:Authorization} ^(.*) RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]

到Virtualhost标签下的virtualhost解决了它

参考: Similar issue