bvstone

Retrieving Authorization or Other HTTP Headers With the Apache Server and RPG

Posted:

Retrieving Authorization or Other HTTP Headers With the Apache Server and RPG

I was working on a project with a customer that was using a slimmed down version of OAuth 2.0 where in the HTTP headers containing an Authorization Token.

I know that most HTTP headers are available as environment variables (or using HTTP_<headername> as the environment variable to retrieve custom headers), but this was not.  A quick search brought me to this Stack Overflow question which explains that Apache strips out the Authentication header, but also giving a workaround.

Knowing that Apache on the IBM i isn't always the same as other versions, I decided to give it a whirl anyhow.  

Step 1:  Update my Apache Configuration File (httpd.conf)

The first thing I did was add the following line to my httpd.conf file for the web server in question:

SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1

Step 2:  Restart my Apache Server Instance

The next step, to make sure that the Apache server wouldn't puke on this new configuration was to restart my Apache server instance.  I did, and what do you know, it worked (or at least it didn't crash telling me that the SetEnvIf directive was invalid)

Step 3:  Test

My next step was to test, so I wrote a simple program named HDRTEST using the eRPG SDK that looks like the following:

H DFTACTGRP(*NO) BNDDIR('ERPGSDK')                                              
 ****************************************************************               
 * Prototypes                                                   *               
 ****************************************************************               
 /COPY QCOPYSRC,P.ERPGSDK                                                       
 /COPY QCOPYSRC,P.HTTPSTD                                                       
 ****************************************************************               
 * Data read in from web page                                                   
D header          S           1024    Varying                                   
 *                                                                   
 * Work Variables                                                    
D headerValue     S           1024    Varying                        
 ****************************************************************    
  #startup();                                                        
  #writeTemplate('stdhtmlheader.erpg');                              
  #loadTemplate('hdrtest.erpg');                                     

  header = #getData('header');                                      
  headerValue = #getEnv('HTTP_' + %trim(header));      

  #replaceData('/%header%/':header);                   
  #replaceData('/%value%/':headerValue);               
  #writeSection();                                     
                                                       
  #cleanup();                                          
                                                       
  *INLR = *on;                                                                                       

The template (hdrtest.erpg) used is VERY simple and looks like this:

/%header%/ = /%value%/

Next, I used GETURI to make a request with a custom Authorization header:

GETURI URI('bvstools.com/cgi-bin/hdrtest') DATA('header=AUTHORIZATION')
PORT(443) USRHDR((Authorization 'Bearer x8x8x8x9x9x9x9x9x9x'))
SSL(*YES)
         

To my joy the proper information was returned:

HTTP/1.1 200 OK
Date: Tue, 18 Jul 2017 15:55:51 GMT
Server: Apache
Content-Length: 42
Connection: close
Content-Type: text/html; 
charset=ISO-8859-1

AUTHORIZATION = Bearer x8x8x8x9x9x9x9x9x9x                                                         

So, again with just some simple RPG you are able to work with the rest of the world as OAuth and OAuth types of authentication become more popular.                                                  


Last edited 07/18/2017 at 11:01:16



Latest Posts:

GreenTools for G Suite (G4G) Now Includes Send Mail Functionality (G4GSMAIL Addon) GreenTools for G Suite (G4G) Now Includes Send Mail Functionality (G4GSMAIL Addon)
Posted by August 27, 2019
BVSTools >> BVSTools Announcements >> GreenTools for G Suite (Google Apps) (G4G) Specific Announcements
GreenTools For G Suite (G4G) v12.00 Released With Base OAuth 2.0 Functionality GreenTools For G Suite (G4G) v12.00 Released With Base OAuth 2.0 Functionality
Posted by July 28, 2019
BVSTools >> BVSTools Announcements >> GreenTools for G Suite (Google Apps) (G4G) Specific Announcements
BVSTools Small Price Increase in 2020 BVSTools Small Price Increase in 2020
Posted by July 26, 2019
BVSTools >> BVSTools Announcements
GreenTools for Vertex Cloud (VTXCLOUD) Now Available GreenTools for Vertex Cloud (VTXCLOUD) Now Available
Posted by July 22, 2019
BVSTools >> BVSTools Announcements >> GreenTools for Vertex Cloud (VTXCLOUD) Specific Announcements
GreenTools for Google Apps (G4G) - Drive Addon Successfully Verified by Google GreenTools for Google Apps (G4G) - Drive Addon Successfully Verified by Google
Posted by July 22, 2019
BVSTools >> BVSTools Announcements >> GreenTools for G Suite (Google Apps) (G4G) Specific Announcements
Why I Cancelled my DynDNS Service and How I Replaced It with an IBM i Application Why I Cancelled my DynDNS Service and How I Replaced It with an IBM i Application
Posted by July 17, 2019
IBM Power Systems >> (QGPL) IBM i
Green Tools for G Suite (G4G) Product Updates (Licensing, Functionality, Base Product) Green Tools for G Suite (G4G) Product Updates (Licensing, Functionality, Base Product)
Posted by July 13, 2019
BVSTools >> BVSTools Announcements >> GreenTools for G Suite (Google Apps) (G4G) Specific Announcements
Reading JSON Data from Standard Input With YAJL and RPG Reading JSON Data from Standard Input With YAJL and RPG
Posted by July 12, 2019
Programming >> Proof of Concept (POC)
MAILTOOL Updated to Allow Use of IBM Global Security Kit (GSKIT) for SSL/TLS Communications MAILTOOL Updated to Allow Use of IBM Global Security Kit (GSKIT) for SSL/TLS Communications
Posted by June 19, 2019
BVSTools >> BVSTools Announcements >> eMail Tool (MAILTOOL) Specific Announcements
GETURI v10.00 Released Supporting IBM Global Security Kit (GSKIT) and Server Name Indication (SNI) GETURI v10.00 Released Supporting IBM Global Security Kit (GSKIT) and Server Name Indication (SNI)
Posted by June 11, 2019
BVSTools >> BVSTools Announcements >> Get URI (GETURI) Specific Announcements
BVSTools Now Offers Vertex Cloud Interface BVSTools Now Offers Vertex Cloud Interface
Posted by April 15, 2019
BVSTools >> BVSTools Announcements
Token Has an Invalid Signature Error for Office 365 Email Token Has an Invalid Signature Error for Office 365 Email
Posted by March 22, 2019
BVSTools >> BVSTools Software Discussion >> GreenTools for Microsoft Apps (G4MS) Specific Discussion
Resending Emails that have Errored Out with Updated Router or Authentication Information Resending Emails that have Errored Out with Updated Router or Authentication Information
Posted by March 1, 2019
BVSTools >> BVSTools Software Discussion >> Email Tools (MAILTOOL) Specific Discussion
BVSTools Offers Toolset to Work With HubSpot OAuth 2.0 APIs On Your IBM i BVSTools Offers Toolset to Work With HubSpot OAuth 2.0 APIs On Your IBM i
Posted by January 27, 2019
BVSTools >> BVSTools Announcements
G4MSDRV Currently Not Supported G4MSDRV Currently Not Supported
Posted by January 17, 2019
BVSTools >> BVSTools Announcements >> GreenTools for Microsoft Apps (G4MS) Specific Announcements

Reply




Copyright 1983-2019 BVSTools
GreenBoard(v3) Powered by the eRPG SDK, MAILTOOL Plus!, GreenTools for Google Apps, jQuery, jQuery UI, BlockUI, CKEditor and running on the IBM i (AKA AS/400, iSeries, System i).