
How to get Header Authorization on CodeIgniter 4?


I created a RESTful API using CodeIgniter 4 and JWT. The login API worked fine and generated an auth token. But I can't get the login details using the token; it shows an error (null value) while trying to get the authorization token.

public function details(){
        $key        = $this->getKey();
        $authHeader = $this->request->getHeader("Authorization"); //return null
        $authHeader = $authHeader->getValue(); //line 149 error, caused $authHeader is null
        $token      = $authHeader;
        // $token = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJUaGVfY2xhaW0iLCJhdWQiOiJUaGVfQXVkIiwiaWF0IjoxNjQxNTQ0MTQzLCJuYmYiOjE2NDE1NDQxNTMsImV4cCI6MTY0MTU0Nzc0MywiZGF0YSI6eyJpZCI6IjkiLCJhY2NvdW50X2lkIjoiY2ljY2NjIiwibmFtZSI6ImNvZGUgaWduaXRlciJ9fQ.TI3zztWxIYZxoa_vhTB04YoGMaq4GdD4bxzmrt8QAH0";

        try{
            $decoded = JWT::decode($token,$key,array("HS256"));

            if($decoded){
                $response = [
                    'status'    => 200,
                    'error'     => false,
                    'message'   => 'Account details',
                    'data'      => [
                        'account'   => $decoded
                    ]
                ];
                return $this->respondCreated($response);
            }
        }catch(Exception $ex){
            $response = [
                'status'    => 401,
                'error'     => true,
                'message'   =>'Access denied',
                'data'      => []
            ];
            return $this->respondCreated($response);
        }
    }

Result in Postman:

{
    "title": "Error",
    "type": "Error",
    "code": 500,
    "message": "Call to a member function getValue() on null",
    "file": "/var/www/html/project-root/app/Controllers/Account.php",
    "line": 149,
    "trace": [
        {
            "file": "/var/www/html/project-root/vendor/codeigniter4/framework/system/CodeIgniter.php",
            "line": 825,
            "function": "details",
            "class": "App\\Controllers\\Account",
            "type": "->",
            "args": []
        },
        {
            "file": "/var/www/html/project-root/vendor/codeigniter4/framework/system/CodeIgniter.php",
            "line": 412,
            "function": "runController",
            "class": "CodeIgniter\\CodeIgniter",
            "type": "->",
            "args": [
                {}
            ]
        },
        {
            "file": "/var/www/html/project-root/vendor/codeigniter4/framework/system/CodeIgniter.php",
            "line": 320,
            "function": "handleRequest",
            "class": "CodeIgniter\\CodeIgniter",
            "type": "->",
            "args": [
                null,
                {
                    "handler": "file",
                    "backupHandler": "dummy",
                    "storePath": "/var/www/html/project-root/writable/cache/",
                    "cacheQueryString": false,
                    "prefix": "",
                    "ttl": 60,
                    "reservedCharacters": "{}()/\\@:",
                    "file": {
                        "storePath": "/var/www/html/project-root/writable/cache/",
                        "mode": 416
                    },
                    "memcached": {
                        "host": "127.0.0.1",
                        "port": 11211,
                        "weight": 1,
                        "raw": false
                    },
                    "redis": {
                        "host": "127.0.0.1",
                        "password": null,
                        "port": 6379,
                        "timeout": 0,
                        "database": 0
                    },
                    "validHandlers": {
                        "dummy": "CodeIgniter\\Cache\\Handlers\\DummyHandler",
                        "file": "CodeIgniter\\Cache\\Handlers\\FileHandler",
                        "memcached": "CodeIgniter\\Cache\\Handlers\\MemcachedHandler",
                        "predis": "CodeIgniter\\Cache\\Handlers\\PredisHandler",
                        "redis": "CodeIgniter\\Cache\\Handlers\\RedisHandler",
                        "wincache": "CodeIgniter\\Cache\\Handlers\\WincacheHandler"
                    }
                },
                false
            ]
        },
        {
            "file": "/var/www/html/project-root/public/index.php",
            "line": 35,
            "function": "run",
            "class": "CodeIgniter\\CodeIgniter",
            "type": "->",
            "args": []
        }
    ]
}


And if I hardcode the token, I can get the login details. Why does this line $authHeader = $this->request->getHeader("Authorization"); return null?

.htaccess

RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php/$1 [L]
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]


Solution

  • The following is the way I fetch the Authorization token for the header.

    In the public/.htaccess file I have the following configuration:

    # Disable directory browsing
    Options All -Indexes
    
    # ----------------------------------------------------------------------
    # Rewrite engine
    # ----------------------------------------------------------------------
    
    # Turning on the rewrite engine is necessary for the following rules and features.
    # FollowSymLinks must be enabled for this to work.
    <IfModule mod_rewrite.c>
        Options +FollowSymlinks
        RewriteEngine On
    
        # If you installed CodeIgniter in a subfolder, you will need to
        # change the following line to match the subfolder you need.
        # http://httpd.apache.org/docs/current/mod/mod_rewrite.html#rewritebase
        # RewriteBase /
    
        # Redirect Trailing Slashes...
        RewriteCond %{REQUEST_FILENAME} !-d
            RewriteRule ^(.*)/$ /$1 [L,R=301]
    
        # Rewrite "www.example.com -> example.com"
        RewriteCond %{HTTPS} !=on
        RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
        RewriteRule ^ http://%1%{REQUEST_URI} [R=301,L]
    
        # Checks to see if the user is attempting to access a valid file,
        # such as an image or css document, if this isn't true it sends the
        # request to the front controller, index.php
        RewriteCond %{REQUEST_FILENAME} !-f
        RewriteCond %{REQUEST_FILENAME} !-d
        RewriteRule ^(.*)$ index.php?/$1 [L]
    
        # Ensure Authorization header is passed along
        RewriteCond %{HTTP:Authorization} .
        RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
    </IfModule>
    
    <IfModule !mod_rewrite.c>
        # If we don't have mod_rewrite installed, all 404's
        # can be sent to index.php, and everything works as normal.
        ErrorDocument 404 index.php
    </IfModule>
    
    # Disable server signature start
        ServerSignature Off
    # Disable server signature end
    

    And in the controller, the apache_request_headers() wrapper is used to get the header.

    $authorization = apache_request_headers()["Authorization"];
    

    This will only work with Apache server though.
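
A null-safe way to read the token across the setups discussed in this thread, as an added example (not code from the question or the answer). The function name `extractToken`, the sample requests and the choice to accept an optional `Bearer ` prefix are assumptions; in a controller the result would be checked for null before it is passed to `JWT::decode`.

```php
<?php
declare(strict_types=1);
/**
 * Return the JWT from a request, or null when none is usable.
 * $server is a $_SERVER-style array; $headers is what
 * apache_request_headers() returned, or [] where it is unavailable.
 */
function extractToken(array $server, array $headers = []): ?string
{
    // Set by "RewriteRule .* - [E=HTTP_AUTHORIZATION:...]" or SetEnvIf;
    // Apache prefixes the variable with REDIRECT_ after an internal redirect.
    $raw = $server['HTTP_AUTHORIZATION']
        ?? $server['REDIRECT_HTTP_AUTHORIZATION']
        ?? null;

    // Fall back to the raw headers; header names are case-insensitive.
    if ($raw === null) {
        foreach ($headers as $name => $value) {
            if (strcasecmp((string) $name, 'Authorization') === 0) {
                $raw = $value;
                break;
            }
        }
    }
    if (!is_string($raw)) {
        return null;
    }

    // Optional "Bearer " prefix, then three base64url segments (compact JWT).
    $jwt = '[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+';
    if (preg_match('/^(?:Bearer\s+)?(' . $jwt . ')$/i', trim($raw), $m) !== 1) {
        return null;
    }
    return $m[1];
}

// Constructed sample requests (not taken from the page).
$cases = [
    'env var from .htaccess'  => [['HTTP_AUTHORIZATION' => 'Bearer aaa.bbb.ccc'], []],
    'after internal redirect' => [['REDIRECT_HTTP_AUTHORIZATION' => 'aaa.bbb.ccc'], []],
    'raw headers only'        => [[], ['authorization' => 'Bearer aaa.bbb.ccc']],
    'header missing'          => [[], []],
    'wrong scheme'            => [['HTTP_AUTHORIZATION' => 'Basic dXNlcjpwYXNz'], []],
];
foreach ($cases as $label => [$server, $headers]) {
    $token = extractToken($server, $headers);
    // A null token should become a 401 response, not a method call on null.
    printf("%-24s => %s\n", $label, $token ?? '401, no usable token');
}
```

Returning 401 on a null token also keeps the 500 error body shown in the question, with its file paths and cache configuration, from being sent to the client.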