How to properly use Bearer tokens?

by

1.Improving the security because if token is not sent in the header that sent in url, it will be logged by the network system, the server log ….

2.A good function to get Bearer tokens

/** 
 * Get header Authorization
 * */
function getAuthorizationHeader(){
    $headers = null;
    if (isset($_SERVER['Authorization'])) {
        $headers = trim($_SERVER["Authorization"]);
    }
    else if (isset($_SERVER['HTTP_AUTHORIZATION'])) { //Nginx or fast CGI
        $headers = trim($_SERVER["HTTP_AUTHORIZATION"]);
    } elseif (function_exists('apache_request_headers')) {
        $requestHeaders = apache_request_headers();
        // Server-side fix for bug in old Android versions (a nice side-effect of this fix means we don't care about capitalization for Authorization)
        $requestHeaders = array_combine(array_map('ucwords', array_keys($requestHeaders)), array_values($requestHeaders));
        //print_r($requestHeaders);
        if (isset($requestHeaders['Authorization'])) {
            $headers = trim($requestHeaders['Authorization']);
        }
    }
    return $headers;
}

/**
 * get access token from header
 * */
function getBearerToken() {
    $headers = getAuthorizationHeader();
    // HEADER: Get the access token from the header
    if (!empty($headers)) {
        if (preg_match('/Bearer\s(\S+)/', $headers, $matches)) {
            return $matches[1];
        }
    }
    return null;
}

More Related Contents:

  1. HTTP authentication logout via PHP
  2. PHP Sessions across sub domains
  3. How to prevent Browser cache for php site
  4. Create a CSV File for a user in PHP
  5. PHP file_get_contents() and setting request headers
  6. How to set HTTP header to UTF-8 using PHP which is valid in W3C validator
  7. Force file download with php using header()
  8. Does $_SERVER[‘HTTP_X_REQUESTED_WITH’] exist in PHP or not?
  9. How do I find the mime-type of a file with php?
  10. Cross domain cookies
  11. How to generate random 64-bit value as decimal string in PHP
  12. How to include Authorization header in cURL POST HTTP Request in PHP?
  13. Laravel 5.3 auth check in constructor returning false
  14. How to kill a/all php sessions?
  15. Why am I getting mime-type of .csv file as “application/octet-stream”?
  16. How to send 500 Internal Server Error error from a PHP script
  17. How to get final URL after following HTTP redirections in pure PHP?
  18. Logging In To Joomla 1.5 Using External Form (not within joomla folder, but on same server)
  19. When do I have to declare session_start();?
  20. Oauth implementation in netsuite using php
  21. Redirecting to previous page after login?
  22. PHP – Secure member-only pages with a login system
  23. Prevent Browser’s Back Button Login After Logout in Laravel 5
  24. Class ‘App\Http\Controllers\admin\Auth’ not found in Laravel 5
  25. facebook connect- $user_id = $facebook->getUser(); always returning 0 [duplicate]
  26. Laravel – How to get current user in AppServiceProvider
  27. Get “Content-Type” header of request in PHP
  28. Token was deauthenticated after trying to refresh it
  29. PHP authentication with multiple domains and subdomains
  30. Laravel Auth:attempt() will not persist login

Leave a Comment