JWT: How send authorization in header?

Question

I'm using the JWT (https://github.com/tymondesigns/jwt-auth) to generate session tokens in my API.

I made all relevant settings to work as the author's documentation.

After connecting the session, I make use of a URL to return data of my categories. When I pass the token directly in the URL, it works. As follows:

http://api.domain.com/categories?token=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwOlwvXC9kZXYuaW1pYXZpcFwvYXBpXC9hdXRoXC9hdXRoZW50aWNhdGUiLCJzdWIiOiIxIiwiaWF0IjoxNDIxODQyMzU4LCJleHAiOjE0MjE5Mjg3NTh9.-nqKoARKc2t1bI2j5KFEP_zRU8KCki_dghKe6dtAedY

Only I need to pass the token, in my request on the header, using the Authentication Bearer. But does not work. See how I'm going through:

Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwOlwvXC9kZXYuaW1pYXZpcFwvYXBpXC9hdXRoXC9hdXRoZW50aWNhdGUiLCJzdWIiOiIxIiwiaWF0IjoxNDIxODQyMzU4LCJleHAiOjE0MjE5Mjg3NTh9.-nqKoARKc2t1bI2j5KFEP_zRU8KCki_dghKe6dtAedY

What could be wrong?

In the JWT documentation mentions the use of the form I spent above. But does not work.

Answer 1

If you are using Apache, then the headers are probably not coming through, due to this known issue within Symfony

You will need to add the following to your virtual host if this is the case:

RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]

Answer 2

Please make sure that you have below line in your backend (server side) code This is for PHP.

header('Access-Control-Allow-Headers: Origin, Content-Type, Accept, Authorization');

Notice that with above line we are allowing "Authorization" header.

Once you have above line in your server side code, then you can you below function (if you are coding in php) to get all headers in array.

getallheaders();