Re: [suPHP] suPHP, Oauth and the Authorization Header

Thu, 10 May 2012 08:52:33 -0700 

Hello,

That worked a treat.  Thank you very much.

Simon

On 10/05/12 15:30, Dave Ingram wrote:

One possible workaround I've seen used with Apache uses mod_rewrite:

RewriteEngine On
RewriteRule .? - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]


D


On 10/05/12 12:14, Simon Griffiths wrote:

Hello,
I've been building an oauth server in php and get to the point of testing. I've found that while running suPHP instead of mod_php the authorization http header is completely missing. Here is an example GET request: 

GET /hello.php HTTP/1.1
Host: oauth
Connection: close
Accept-encoding: gzip, deflate
User-Agent: Zend_Http_Client
Authorization: OAuth realm="",oauth_consumer_key="a38223774a56f0af5ea40bd88285166504fab8e81",oauth_nonce="314e9c28d415feecea00e38fd0e500e2",oauth_signature_method="HMAC-SHA1",oauth_timestamp="1336647473",oauth_version="1.0",oauth_token="e5cca21c8cfe266df76fd55c1acd9b2b04fab9605",oauth_signature="V6hD3kiuV%2FJVnu53G93TNJk2sXY%3D"
On the receiving side I get the Host, Accept-Encoding, User-Agent and Connection headers but not the Authorization header.
Looking at the source for suPHP it appear in version 0.7.1-1 which I am using the Authorization header is only parsed if it equates to the Basic authentication type. Here is the url and code snippet: 

if  (r->headers_in) {
        const  char  *auth;
        auth = ap_table_get(r->headers_in,"Authorization");
        if  (auth&&  auth[0] != 0&&  strncmp(auth,"Basic", 6) == 0) {
            char  *user;
            char  *pass;
            user = ap_pbase64decode(p, auth + 6);
            if  (user) {
                pass = strchr(user,':');
                if  (pass) {
                    *pass++ ='\0';
                    auth_user = ap_pstrdup(p, user);
                    auth_pass = ap_pstrdup(p, pass);
                }
            }
        }
    }
From : http://suphp.sourcearchive.com/documentation/0.7.1-1/mod__suphp_8c-source.html
Does anyone have any ideas on how I can overcome this? Or maybe a patch that would just pass the Authorization header? 

Many Thanks,


Simon Griffiths
Llama Digital



_______________________________________________
suPHP mailing list
[email protected]
https://lists.marsching.com/mailman/listinfo/suphp





_______________________________________________
suPHP mailing list
[email protected]
https://lists.marsching.com/mailman/listinfo/suphp

Reply via email to