Apache可以阻止承载身份验证标头吗? [英] Can apache prevent bearer authentication header?

问题描述

我正在使用不赞成使用的oauth2项目测试lumen 5.3.有一个使用代理并在服务器上隐藏客户端ID和机密的教程.

I am testing lumen 5.3 with a deprecated oauth2 project. There is a tutorial using proxy and hiding client ID and secret on the server .

流明没有护照，所以我必须使用这个包裹.

Lumen does not has passport ported so I have to use this package.

无论如何.我设法走得足够远，可以从服务器获取令牌.

Anyway. I managed to go far enough to get the token from server.

但是我的Authentication标头已被Lumen忽略.

But my Authentication header has been ignored by Lumen.

身份验证标头在哪里?我确定发送.

Where is the Authentication header? I send it for sure.

所以我现在想知道，是阿帕奇吗?需要一些模块吗?对于这种承载身份验证?

So I wonder now , is it apache ? Some module is needed? For this Bearer Authentication?

推荐答案

Apache2默认"执行此操作！

将此添加到您的.htaccess文件中即可解决此问题.

Add this into your .htaccess to solve this.

RewriteEngine On 
RewriteCond %{HTTP:Authorization} ^(.*) 
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]

请参阅:

Oauth2标头-授权:承载(令牌)"；不起作用

https://github.com/tymondesigns/jwt-auth/issues/262

这篇关于Apache可以阻止承载身份验证标头吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！