I have a dev URL that is behind HTTP authentication using a simple .htpasswd file - nothing special about that at all, all standard.
I am trying to hit a URL on that domain via cURL but am getting this message of course:
Unauthorized
This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.
Apache/2.4.29 (Ubuntu) Server
I have added what I believe to be the correct parameter to authorise the url but with no joy. Just the same message. I have echo'd out the username and password and these are exactly as I would enter into the browser prompt.
What is the next step to debug this?
I have solved this by NOT using curl_setopt_array, instead setting each 3 separately. Cannot currently explain why this is different but it works! :(
When I run this SSL test:
https://www.ssllabs.com/ssltest/analyze.html?d=rickschmitz.network
I get the following warning :
HTTP forwarding http://www.rickschmitz.network PLAINTEXT
What does this mean and how can I fix this?
This means that when requesting in HTTPS the response is a redirection to an HTTP URL (http://www.rickschmitz.network as given by SSLLabs). The browser is supposed to warn you when you are leaving the "secure" browsing. To fix it, check your Apache configuration at the SSL virtual host (should be in conf/extra/httpd-ssl.conf)
I am developing an Oauth 2 authentication server and I have a problem with endpoint redirection.
Here is what the RFC says that I try to follow scrupulously:
3.1.2.1. Endpoint Request Confidentiality
The redirection endpoint SHOULD require the use of TLS as described
in Section 1.6 when the requested response type is "code" or "token",
or when the redirection request will result in the transmission of
sensitive credentials over an open network.
https://www.rfc-editor.org/rfc/rfc6749#section-3.1.2.1
Here is my question:
I know if the current request uses HTTPS with the $_SERVER ['HTTPS'] superglobal, but how do I determine if the url I'm going to redirect is using TLS
?
header("Location: $redirectUri");
Do I only rely on the protocol (https: // at the beginning of the URL)? On headers returned by a CURL request made before redirection (check the presence of the Strict-Transport-Security header) ? If not how should I do it?
PS: Normally it is not necessary but in case. Here is the complete code:
https://github.com/alexandre-le-borgne/oauth-server/blob/master/src/OAuth2/Endpoints/AuthorizationEndpoint.php#L185
My conclusion is that it is enough to check the presence of the https at the beginning of the URL.
So I have been following the tutorial to set up a LinkedIn login for my website.
I am able to do first two steps with ease and I get the authorization code.
Now I have to send HTTP POST and get JSON response to complete my LinkedIn API. I used following method to do same but I am getting an error.
Warning: file_get_contents(http://www.linkedin.com): failed to open
stream: HTTP request failed! HTTP/1.0 403 Forbidden in
D:\xampp\htdocs\LinkedIn\index.php on line 22 bool(false)
Can Anyone tell me what am I possibly doing wrong or alternative workaround?
2 Years back i worked on linkedin login but it didn't work for me too.
I suggest instead using OAuth login try with javascript SDK.
linkedin login SDK
http to https could also the reason for access forbidden because OAuth hits a server to server request which is basically http to https.
Hope this will help.
[function.fopen]: failed to open stream: HTTP request failed! HTTP/1.1 401 Unauthorized
I am periodically getting this error, i.e it is only happening at random times, any ideas what would cause this, i have checked my php.ini and allow_url_fopen is set to true.
If the site requires basic authentication, you can give your credentials this way:
fopen("http://user:pass#www.example.com/path/to/resource", "r");
If it uses digest authentication, you'll have to handle it manually by reading the headers of the failed response and sending a new one with the correct headers. See HTTP context options for how to read and set headers and see how digest works in HTTP authentication with PHP.
You can also use the cURL extension or the HTTP PECL extension.
10.4.2 401 Unauthorized
The request requires user
authentication. The response MUST
include a WWW-Authenticate header
field (section 14.47) containing a
challenge applicable to the requested
resource. The client MAY repeat the
request with a suitable Authorization
header field (section 14.8). If the
request already included Authorization
credentials, then the 401 response
indicates that authorization has been
refused for those credentials. If the
401 response contains the same
challenge as the prior response, and
the user agent has already attempted
authentication at least once, then the
user SHOULD be presented the entity
that was given in the response, since
that entity might include relevant
diagnostic information. HTTP access
authentication is explained in "HTTP
Authentication: Basic and Digest
Access Authentication" [43].
Status Code Definitions
You are trying to access a site that requires authentication, as maggie pointed out. fopen() does not support HTTP Basic Authentication, so you must use the Client URL Library to achieve such functionalities.
This has been discussed before.
task - fopen with basic http authentication.
$auth_header = 'Authorization: Basic '.base64_encode("$user:$password");
$f = fopen($url, $open_mode,false, stream_context_create(
'http'=>array(
'header' => array($auth_header,$some_other_header,$some_yet_header),
),
));