尝试执行时使用rest客户端扩展:
http://api.domain.com/app_dev.php/api/1.0/resource/get?id=1
请求标题:
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.137 Safari/537.36
Authorization: Bearer %TOKEN%
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8,ar;q=0.6
Cookie: __cfduid=db9759a3f1a39eb02d8daa62ef240c1031392572386844; _ga=GA1.2.972638156.1393664034; PHPSESSID=c15c8de4a1ee3a957274d4328448ff37
它返回
{"error":"access_denied","error_description":"OAuth2 authentication required"}
但是当我尝试在查询字符串中传递access_token时http://api.domain.com/app_dev.php/api/1.0/resource/get?id=1&access_token=%token%
我使用的是Symfony2、FOSRestBundle&NelmioCorsBundle,这就是我的config.yml看起来像的原因
fos_rest:
param_fetcher_listener: true
body_listener: true
format_listener: true
view:
view_response_listener: 'force'
formats:
xml: true
json : true
templating_formats:
html: true
force_redirects:
html: true
failed_validation: HTTP_BAD_REQUEST
default_engine: php
routing_loader:
default_format: json
fos_oauth_server:
db_driver: orm
client_class: MyAppApiBundleEntityClient
access_token_class: MyAppApiBundleEntityAccessToken
refresh_token_class: MyAppApiBundleEntityRefreshToken
auth_code_class: MyAppApiBundleEntityAuthCode
service:
user_provider: fos_user.user_manager
options:
# Changing tokens and authcode lifetime
access_token_lifetime: 300000000
refresh_token_lifetime: 300000000
auth_code_lifetime: 30
nelmio_cors:
defaults:
allow_credentials: false
allow_origin: ['*']
allow_headers: ['*']
allow_methods: []
expose_headers: []
max_age: 0
hosts: []
paths:
'^/api/':
allow_origin: ['*']
allow_headers: ['X-Custom-Auth']
allow_methods: ['POST', 'PUT', 'GET', 'DELETE']
max_age: 3600
'^/':
allow_origin: ['*']
allow_headers: ['X-Custom-Auth']
allow_methods: ['POST', 'PUT', 'GET', 'DELETE']
max_age: 3600
hosts: ['^api.']
也面临同样的问题。
添加
RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
到虚拟主机下的虚拟主机标签解决它
请参阅:类似问题