4

From what I can see here, it isn't a good idea to hold sensitive data (like an access_token) in querystring parameters.

i.e: I am trying to avoid this:

http://localhost.dev/web/app_dev.php/api/articles?access_token=NzJhNz.....

Therefore, I tried to make api requests with the access_token in the Authorization header (which was suggested here. When trying to do so, I get the following error: 

{
    "error": "access_denied",
    "error_description": "OAuth2 authentication required"
}

However, the request is exactly like this, and the token seems to be properly set:

GET /web/app_dev.php/api/articles HTTP/1.1
Host    localhost.dev
Authorization   access_token=N2FmNzhhNGM2MTI5N2JhMWJlYjEdZjA0ZWM3ZTRhMTM1OGM0ODJjMzQzYjM7NTk3ZTEzNTVjZDczZTljMDk2MQ
Accept-Encoding gzip, deflate
Accept  application/json
Accept-Language en;q=1, fr;q=0.9, de;q=0.8, ja;q=0.7, nl;q=0.6, it;q=0.5
Connection  keep-alive
User-Agent  Localhost/1.0 (iPhone; iOS 6.1.4; Scale/2.00)

Does anyone one know if this is possible with FOSOAuthServerBundle?

Note: I verified in the browser, and the token is still valid (not expired).

4

2 回答 2

5

正如@alanbem在这里提到的,授权标头应如下所示:

Authorization: Bearer N2FmNzhhNGM2MTI5N2JhMWJlYj...

注意:如果您AFHTTPClient用于 iOS 开发,您只需覆盖该(void)setAuthorizationHeaderWithToken:(NSString *)token方法。

- (void)setAuthorizationHeaderWithToken:(NSString *)token {
    [self setDefaultHeader:@"Authorization" value:[NSString stringWithFormat:@"Bearer %@", token]];
}
于 2013-09-13T06:36:09.737 回答
0

正如@Mick 所提到的,您可以使用 Authorization 标头。

如果你在内部进行,在 PHPUnit 和任何其他使用 Symfony 请求的地方,你应该使用如下标题:

$headers = ['HTTP_AUTHORIZATION' => 'Bearer  2FmNzhhNGM2MTI5N2JhMWJlYj...'];

当您正在测试并且不想弄乱您的 URI 或请求参数时,这一点很重要。

于 2015-03-16T12:56:57.413 回答