I created a RESTful API using CodeIgniter 4 and JWT. The login API works fine and generates an auth token. But I can't get the login details using the token; it shows an error (null value) while trying to get the authorization token.
public function details(){
    $key = $this->getKey();
    $authHeader = $this->request->getHeader("Authorization"); //return null
    $authHeader = $authHeader->getValue(); //line 149 error, caused $authHeader is null
    $token = $authHeader;
    // $token = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJUaGVfY2xhaW0iLCJhdWQiOiJUaGVfQXVkIiwiaWF0IjoxNjQxNTQ0MTQzLCJuYmYiOjE2NDE1NDQxNTMsImV4cCI6MTY0MTU0Nzc0MywiZGF0YSI6eyJpZCI6IjkiLCJhY2NvdW50X2lkIjoiY2ljY2NjIiwibmFtZSI6ImNvZGUgaWduaXRlciJ9fQ.TI3zztWxIYZxoa_vhTB04YoGMaq4GdD4bxzmrt8QAH0";
    try{
        $decoded = JWT::decode($token,$key,array("HS256"));
        if($decoded){
            $response = [
                'status' => 200,
                'error' => false,
                'message' => 'Account details',
                'data' => [
                    'account' => $decoded
                ]
            ];
            return $this->respondCreated($response);
        }
    }catch(Exception $ex){
        $response = [
            'status' => 401,
            'error' => true,
            'message' =>'Access denied',
            'data' => []
        ];
        return $this->respondCreated($response);
    }
}
Result in Postman:
{
"title": "Error",
"type": "Error",
"code": 500,
"message": "Call to a member function getValue() on null",
"file": "/var/www/html/project-root/app/Controllers/Account.php",
"line": 149,
"trace": [
{
"file": "/var/www/html/project-root/vendor/codeigniter4/framework/system/CodeIgniter.php",
"line": 825,
"function": "details",
"class": "App\\Controllers\\Account",
"type": "->",
"args": []
},
{
"file": "/var/www/html/project-root/vendor/codeigniter4/framework/system/CodeIgniter.php",
"line": 412,
"function": "runController",
"class": "CodeIgniter\\CodeIgniter",
"type": "->",
"args": [
{}
]
},
{
"file": "/var/www/html/project-root/vendor/codeigniter4/framework/system/CodeIgniter.php",
"line": 320,
"function": "handleRequest",
"class": "CodeIgniter\\CodeIgniter",
"type": "->",
"args": [
null,
{
"handler": "file",
"backupHandler": "dummy",
"storePath": "/var/www/html/project-root/writable/cache/",
"cacheQueryString": false,
"prefix": "",
"ttl": 60,
"reservedCharacters": "{}()/\\@:",
"file": {
"storePath": "/var/www/html/project-root/writable/cache/",
"mode": 416
},
"memcached": {
"host": "127.0.0.1",
"port": 11211,
"weight": 1,
"raw": false
},
"redis": {
"host": "127.0.0.1",
"password": null,
"port": 6379,
"timeout": 0,
"database": 0
},
"validHandlers": {
"dummy": "CodeIgniter\\Cache\\Handlers\\DummyHandler",
"file": "CodeIgniter\\Cache\\Handlers\\FileHandler",
"memcached": "CodeIgniter\\Cache\\Handlers\\MemcachedHandler",
"predis": "CodeIgniter\\Cache\\Handlers\\PredisHandler",
"redis": "CodeIgniter\\Cache\\Handlers\\RedisHandler",
"wincache": "CodeIgniter\\Cache\\Handlers\\WincacheHandler"
}
},
false
]
},
{
"file": "/var/www/html/project-root/public/index.php",
"line": 35,
"function": "run",
"class": "CodeIgniter\\CodeIgniter",
"type": "->",
"args": []
}
]
}
And if I hardcode the token, I can get the login details. Why does this line $authHeader = $this->request->getHeader("Authorization"); return null?
.htaccess
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php/$1 [L]
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
CodePudding user response:
Add this to your .htaccess file
RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
Then get header like this
$this->request->getServer('HTTP_AUTHORIZATION')
Update
I noticed you are not using the Authorization tab but setting the header manually. If you set the Authorization header manually, make sure the value field starts with Bearer, like
Bearer eyJ....
or simply use the Authorization tab and select Bearer Token
CodePudding user response:
The following is the way I fetch the Authorization token for the header.
In the public/.htaccess file I have the following configuration:
# Disable directory browsing
Options All -Indexes
# ----------------------------------------------------------------------
# Rewrite engine
# ----------------------------------------------------------------------
# Turning on the rewrite engine is necessary for the following rules and features.
# FollowSymLinks must be enabled for this to work.
<IfModule mod_rewrite.c>
Options FollowSymlinks
RewriteEngine On
# If you installed CodeIgniter in a subfolder, you will need to
# change the following line to match the subfolder you need.
# http://httpd.apache.org/docs/current/mod/mod_rewrite.html#rewritebase
# RewriteBase /
# Redirect Trailing Slashes...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)/$ /$1 [L,R=301]
# Rewrite "www.example.com -> example.com"
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^ http://%1%{REQUEST_URI} [R=301,L]
# Checks to see if the user is attempting to access a valid file,
# such as an image or css document, if this isn't true it sends the
# request to the front controller, index.php
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?/$1 [L]
# Ensure Authorization header is passed along
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
</IfModule>
<IfModule !mod_rewrite.c>
# If we don't have mod_rewrite installed, all 404's
# can be sent to index.php, and everything works as normal.
ErrorDocument 404 index.php
</IfModule>
# Disable server signature start
ServerSignature Off
# Disable server signature end
And in the controller, the apache_request_headers() wrapper is used to get the header.
$authorization = apache_request_headers()["Authorization"];
This will only work with the Apache server, though.
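
The lookups from both answers can be combined into one null-safe helper, so a missing or malformed header yields a clean 401 instead of the 500 with stack trace shown in the question. This is an added example, not code from the original posts; the function name `resolveBearerToken` and the sample values are hypothetical.

```php
<?php
/**
 * Added example: find the bearer token wherever the web server left it.
 *
 * @param string $headerLine Authorization header as the framework saw it ('' if absent)
 * @param array  $server     server variables, normally $_SERVER
 * @return string|null       the raw JWT, or null when no usable Bearer credential was sent
 */
function resolveBearerToken(string $headerLine, array $server): ?string
{
    // Candidates in order of preference. The REDIRECT_ variant appears when
    // mod_rewrite sets the variable before the internal redirect to index.php.
    $candidates = [
        $headerLine,
        $server['HTTP_AUTHORIZATION'] ?? '',
        $server['REDIRECT_HTTP_AUTHORIZATION'] ?? '',
    ];

    // Not available under every SAPI, so guard the call.
    if (function_exists('apache_request_headers')) {
        foreach (apache_request_headers() ?: [] as $name => $value) {
            if (strcasecmp((string) $name, 'Authorization') === 0) {
                $candidates[] = $value;
            }
        }
    }

    // Accept only "Bearer <token>" where the token has three base64url segments.
    $pattern = '/^Bearer\s+([A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+)$/i';
    foreach ($candidates as $value) {
        if (preg_match($pattern, trim((string) $value), $m) === 1) {
            return $m[1];
        }
    }
    return null;
}

// Constructed inputs (placeholder token, not a real JWT).
$jwt = 'aaa.bbb.ccc';

// Header stripped by the server and nothing forwarded: no token.
var_dump(resolveBearerToken('', []));
// Header stripped, but the rewrite rule exported it before the redirect.
var_dump(resolveBearerToken('', ['REDIRECT_HTTP_AUTHORIZATION' => "Bearer $jwt"]));
// Header set manually without the "Bearer " prefix: rejected.
var_dump(resolveBearerToken($jwt, []));
```

In the controller, pass `$this->request->getHeaderLine('Authorization')` and `$_SERVER`, and return the 401 response before calling `JWT::decode()` when the result is null.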

