1

I'm having trouble migrating my backend CakePHP app from CakePHP 3.9 to CakePHP 4. The app serves as an API for my sveltejs/sapper JavaScript application.

As for the JWT Authentication I'm using the admad/cakephp-jwt-auth plugin.

The App before Migration works perfectly from the browser as the frontend. Testing my API in Postman works for both CakePHP 3 and 4 versions.

After migration however, requests sent from the browser (sveltejs/sapper) and where Authentication is needed (Authorization header containing the Bearer token) result in an error:

Error 401 "Authorization failed

My CORS middleware (ozee31/cakephp-cors plugin) also seems to be working, since requests that don't need to be authorized just work as expected, also from the browser. Unplugging the CORS middleware results in a CORS error in the browser for those requests.

Also, my server is populating $_SERVER['HTTP_AUTHORIZATION']

Has anyone successfully implemented a similar setup, especially when it comes to CakePHP 4 and HTTP_AUTHORIZATION header yet?

ndm
  • 59,784
  • 9
  • 71
  • 110
  • Have you debugged what exactly the requests made in your browser look like? If not, do that, check your browser's network console and compare the requests (and responses) to those made by Postman. Also check your CakePHP app's error/debug logs for possibly more information, at the very least the stacktrace might hold some hints, telling you where exactly the error is triggered. – ndm Aug 20 '21 at 14:18

2 Answers

0

I created my own JWT plugin for CakePHP 4 that worked as a component.

https://github.com/WireCore/CakePHP_JWT

It's currently in alpha, but you can try it to see if it solves your problem.

You can install it with Composer, composer require wirecore/cakephp_jwt, and add it in your Application.php via $this->addPlugin('Wirecore/CakePHP_JWT'); You can find more details in the README.

wiifree
  • 55
  • 1
  • 7
  • 1
    While this link may answer the question, it is better to include the essential parts of the answer here and provide the link for reference. Link-only answers can become invalid if the linked page changes. – cursorrux Aug 29 '21 at 09:09
  • Please add further details to expand on your answer, such as working code or documentation citations. – Community Aug 29 '21 at 09:47
0

The CORS error can be fixed in the following way.

In AppController.php

    // Requires: use Cake\Event\EventInterface;
    private function setCorsHeaders()
    {
        // Note: browsers reject a wildcard origin on credentialed requests;
        // list explicit origins if cookies or HTTP auth are sent cross-origin.
        $this->response = $this->response->cors($this->request)
            ->allowOrigin(['*'])
            ->allowMethods(['*'])
            ->allowHeaders(['x-xsrf-token', 'Origin', 'Content-Type', 'X-Auth-Token', 'authorization'])
            ->allowCredentials() // takes no argument in CakePHP 4
            ->exposeHeaders(['Link'])
            ->maxAge(300)
            ->build();
    }

    public function beforeRender(EventInterface $event)
    {
        // .......
        $this->setCorsHeaders();
    }

    public function beforeFilter(EventInterface $event)
    {
        // ......
        // Answer the CORS preflight directly, before the action runs.
        if ($this->request->is('OPTIONS')) {
            $this->setCorsHeaders();
            return $this->response;
        }
    }

In config/Bootstrap.php, add this line as the last line of the file.

    header("Access-Control-Allow-Origin: *");
    header("Access-Control-Allow-Headers: *");

RiTeSh
  • 513
  • 3
  • 12
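
What a browser checks on the preflight before it sends a request carrying an Authorization header, as an added example that is not part of the question or of either answer. It goes slightly beyond the thread by also covering methods and credentialed requests; `preflightProblems` is a hypothetical helper name, and the request and response objects are constructed samples.

```javascript
// Added example: evaluate a CORS preflight response by the Fetch standard's rules.
// All request/response values below are constructed samples.
function preflightProblems(req, res) {
  const h = {};
  for (const [k, v] of Object.entries(res.headers)) h[k.toLowerCase()] = String(v).trim();
  const list = (name) =>
    (h[name] || "").split(",").map((s) => s.trim().toLowerCase()).filter(Boolean);
  const problems = [];

  // The preflight OPTIONS request never carries Authorization, so a server
  // that demands a token on OPTIONS answers 401 and the real request is blocked.
  if (res.status < 200 || res.status > 299) problems.push(`preflight status ${res.status} is not 2xx`);

  const acao = h["access-control-allow-origin"];
  if (acao === "*") {
    if (req.credentials) problems.push("wildcard origin is not accepted with credentials");
  } else if (acao !== req.origin) {
    problems.push("Access-Control-Allow-Origin does not match the request origin");
  }
  if (req.credentials && h["access-control-allow-credentials"] !== "true") {
    problems.push("Access-Control-Allow-Credentials: true is missing");
  }

  const methods = list("access-control-allow-methods");
  const safelisted = ["GET", "HEAD", "POST"].includes(req.method);
  const anyMethod = methods.includes("*") && !req.credentials;
  if (!safelisted && !anyMethod && !methods.includes(req.method.toLowerCase())) {
    problems.push(`method ${req.method} is not allowed`);
  }

  const allowed = list("access-control-allow-headers");
  const anyHeader = allowed.includes("*") && !req.credentials;
  for (const name of req.headers.map((n) => n.toLowerCase())) {
    // Authorization must be listed by name; "*" never covers it.
    if (!allowed.includes(name) && !(anyHeader && name !== "authorization")) {
      problems.push(`request header ${name} is not allowed`);
    }
  }
  return problems;
}

const apiCall = { origin: "http://localhost:3000", method: "GET", headers: ["authorization"], credentials: false };
const wildcardOnly = { status: 200, headers: { "Access-Control-Allow-Origin": "*", "Access-Control-Allow-Headers": "*" } };
const namedHeader = { status: 200, headers: { "Access-Control-Allow-Origin": "*", "Access-Control-Allow-Headers": "Content-Type, authorization" } };
const authOnOptions = { status: 401, headers: {} };
for (const res of [wildcardOnly, namedHeader, authOnOptions]) console.log(preflightProblems(apiCall, res));
```

Feeding it the status and headers of the OPTIONS response from the browser's network console shows which rule a failing request trips.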