danger2k7/cakephp-soap-auth

CakePHP plugin for authenticating for stateless connexions

Maintainers

Details

github.com/dynweb-org/cakephp-soap-auth

Homepage

Source

Issues

Installs: 2 466

Dependents: 0

Suggesters: 0

Security: 0

Stars: 0

Watchers: 2

Forks: 0

Type:cakephp-plugin

1.0 2017-03-16 17:56 UTC

Requires

MIT 820dc06b7187136eae7b75df4b0107dca3779d50

Authenticationsoapcakephpauthenticatestareless

This package is not auto-updated.

Last update: 2024-04-28 00:53:26 UTC

README

License

Plugin containing AuthComponent's authenticate class for authenticating using headers.

Requirements

  • CakePHP 3.5+

Installation

composer require dynweb-org/cakephp-soap-auth

Usage

In your app's config/bootstrap.php add:

// In config/bootstrap.php
Plugin::load('Dynweb/SoapAuth');

or using cake's console:

./bin/cake plugin load Dynweb/SoapAuth

Configuration:

Setup AuthComponent:

    // In your controller, for e.g. src/Api/AppController.php

Working

The authentication class checks for the token in two locations:

  • HTTP_AUTHORIZATION environment variable:

    It first checks if token is passed using Authorization request header. The value should be of form Bearer <token>. The Authorization header name and token prefix Bearer can be customzied using options header and prefix respectively.

    Note: Some servers don't populate $_SERVER['HTTP_AUTHORIZATION'] when Authorization header is set. So it's upto you to ensure that either $_SERVER['HTTP_AUTHORIZATION'] or $_ENV['HTTP_AUTHORIZATION'] is set.

    For e.g. for apache you could use the following:

    RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]

  • The query string variable specified using parameter config:

    Next it checks if the token is present in query string. The default variable name is token and can be customzied by using the parameter config shown above.