danger2k7/cakephp-soap-auth

CakePHP plugin for authenticating for stateless connexions

CakePHP SOAP Authenticate plugin

, _(*1)

Plugin containing AuthComponent's authenticate class for authenticating using headers., _(*2)

Requirements

• CakePHP 3.5+

Installation

composer require dynweb-org/cakephp-soap-auth

Usage

In your app's config/bootstrap.php add:, _(*3)

// In config/bootstrap.php
Plugin::load('Dynweb/SoapAuth');

or using cake's console:, _(*4)

./bin/cake plugin load Dynweb/SoapAuth

Configuration:

Setup AuthComponent:, _(*5)

    // In your controller, for e.g. src/Api/AppController.php

Working

The authentication class checks for the token in two locations:, _(*6)

• HTTP_AUTHORIZATION environment variable:, _(*7)

  It first checks if token is passed using Authorization request header. The value should be of form Bearer <token>. The Authorization header name and token prefix Bearer can be customzied using options header and prefix respectively., _(*8)

  Note: Some servers don't populate $_SERVER['HTTP_AUTHORIZATION'] when Authorization header is set. So it's upto you to ensure that either $_SERVER['HTTP_AUTHORIZATION'] or $_ENV['HTTP_AUTHORIZATION'] is set., _(*9)

  For e.g. for apache you could use the following:, _(*10)

  RewriteEngine On
  RewriteCond %{HTTP:Authorization} ^(.*)
  RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
  

• The query string variable specified using parameter config:, _(*11)

  Next it checks if the token is present in query string. The default variable name is token and can be customzied by using the parameter config shown above., _(*12)