Is anyone successfully using the HTTP header method for authenticating to emonCMS? This appears to be non-functional with the current (9.8.6 | 2017.05.10 emonCMS and emonSD November 2016 image).
I’m running emonCMS (9.8.6 | 2017.05.10) on an emonBASE in low-write mode with the November 2016 emonSD image. Attempts to call the API using the “Authorization: Bearer” syntax via curl and other methods return a “Username or password empty” response. I’ve confirmed via network trace that my header is attached and that the API key works when POSTing or adding as a query parameter to a GET request.
Throwing a one-liner
print_r($_SERVER) php script together reveals that the Authorization header is not getting set in the $_SERVER array when passed to PHP. This bug report (PHP :: Bug #72915 :: HTTP_AUTORIZATION header missing for Bearer Auth when using apache module) suggests that
Authorization: Bearer methods are not supported in PHP.
If I change the emoncms code to look for an
X-Authorization header (and adjust my client code to match), things work as expected.
It seems pretty convincing that this auth method doesn’t work with PHP, but I’m surprised this hasn’t bitten other emonCMS users. Experiences that can confirm/deny that they’ve gotten the Authentication header method to work off the emonSD provided config would be super appreciated.