-1

I have two applications APP_A and APP_B. While logged into APP_A I wish to provide a redirect (or equivalent) to APP_B that would include a header authorization token. APP_B will then take that token and automatically log in the user without them needing to input their credentials again.

I use PHP (Laminas framework). On the APP_B side I am able to read the header values without issue. However within the APP_A redirect I don't know how best to assign an authorization bearer token. I was hoping the following would work but it does not:

Header("Location: https://APP_B");
Header("Authorization: Bearer test1234");
exit;

The following does work:

Header("Location: https://APP_B?Authorization=test1234");
exit;

However I do not want to include the token in that manner.

Can anyone help me out, or even point me in the right direction?

DaveMac001
  • Redirection is acted on by the client, typically the web browser (note that you use the *exit* statement to terminate the local execution). All other headers are received by the client but they are not forwarded to the new location, and for this reason the Authorization header is not transmitted to the new Location. – Pippo Apr 17 '23 at 14:38
  • How should I send the bearer token? – DaveMac001 Apr 17 '23 at 14:59

1 Answer

0

You added the oauth tag to your post, so I am assuming you are using it as the authorization protocol for the two apps.

It depends on whether the two apps are really two applications. I mean, is it the same application using two technical components, or two different apps?

You should have one or two OAuth clients with different scopes and audiences depending on what has access to the apps. The authentication part can be common so the user will have to authenticate himself only one time.

Emmanuel
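Added example, not part of the original question or answer: because the browser does not forward an Authorization header across a redirect, one option is to put a short-lived, single-use signed code in the Location URL instead of the bearer token itself, and have APP_B verify it before creating its own session. The function names, the shared secret, the 60-second lifetime, the `code` parameter and the in-memory replay store are assumptions for illustration.

```php
<?php
declare(strict_types=1);
// Assumption: both apps hold this secret (constructed value; load it from config in practice).
const HANDOFF_SECRET = 'constructed-demo-secret-change-me';
const HANDOFF_TTL = 60; // seconds a code stays valid (assumed)

function b64url(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

// APP_A: issue a code bound to the user, an expiry time and a random nonce.
function issueHandoffCode(string $userId, int $now): string {
    $payload = b64url(json_encode([
        'sub' => $userId,
        'exp' => $now + HANDOFF_TTL,
        'jti' => bin2hex(random_bytes(16)),
    ], JSON_THROW_ON_ERROR));
    $mac = b64url(hash_hmac('sha256', $payload, HANDOFF_SECRET, true));
    return $payload . '.' . $mac;
}

// APP_B: check signature, expiry and single use; returns the user id or null.
function redeemHandoffCode(string $code, int $now, array &$usedNonces): ?string {
    $parts = explode('.', $code);
    if (count($parts) !== 2) {
        return null;
    }
    [$payload, $mac] = $parts;
    $expected = b64url(hash_hmac('sha256', $payload, HANDOFF_SECRET, true));
    if (!hash_equals($expected, $mac)) {
        return null; // tampered with, or signed with another key
    }
    $claims = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);
    if (!is_array($claims) || !isset($claims['sub'], $claims['exp'], $claims['jti'])) {
        return null;
    }
    if ($now > $claims['exp'] || isset($usedNonces[$claims['jti']])) {
        return null; // expired or already redeemed
    }
    $usedNonces[$claims['jti']] = true; // use a shared store (DB/cache) in practice
    return $claims['sub'];
}

// Demo with a constructed user id; APP_A would send this header and exit.
$code = issueHandoffCode('user-42', time());
echo "Location: https://APP_B?code={$code}\n";
$used = [];
var_dump(redeemHandoffCode($code, time(), $used)); // first redemption
var_dump(redeemHandoffCode($code, time(), $used)); // same code replayed
```

The code still appears in the URL, browser history and server logs, but it stops being accepted after one redemption or once the lifetime has passed, unlike a bearer token placed there directly.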