bvstone

Retrieving Authorization or Other HTTP Headers With the Apache Server and RPG

Posted:

Retrieving Authorization or Other HTTP Headers With the Apache Server and RPG

I was working on a project with a customer that was using a slimmed down version of OAuth 2.0 where in the HTTP headers containing an Authorization Token.

I know that most HTTP headers are available as environment variables (or using HTTP_<headername> as the environment variable to retrieve custom headers), but this was not.  A quick search brought me to this Stack Overflow question which explains that Apache strips out the Authentication header, but also giving a workaround.

Knowing that Apache on the IBM i isn't always the same as other versions, I decided to give it a whirl anyhow.  

Step 1:  Update my Apache Configuration File (httpd.conf)

The first thing I did was add the following line to my httpd.conf file for the web server in question:

SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1

Step 2:  Restart my Apache Server Instance

The next step, to make sure that the Apache server wouldn't puke on this new configuration was to restart my Apache server instance.  I did, and what do you know, it worked (or at least it didn't crash telling me that the SetEnvIf directive was invalid)

Step 3:  Test

My next step was to test, so I wrote a simple program named HDRTEST using the eRPG SDK that looks like the following:

H DFTACTGRP(*NO) BNDDIR('ERPGSDK')                                              
 ****************************************************************               
 * Prototypes                                                   *               
 ****************************************************************               
 /COPY QCOPYSRC,P.ERPGSDK                                                       
 /COPY QCOPYSRC,P.HTTPSTD                                                       
 ****************************************************************               
 * Data read in from web page                                                   
D header          S           1024    Varying                                   
 *                                                                   
 * Work Variables                                                    
D headerValue     S           1024    Varying                        
 ****************************************************************    
  #startup();                                                        
  #writeTemplate('stdhtmlheader.erpg');                              
  #loadTemplate('hdrtest.erpg');                                     

  header = #getData('header');                                      
  headerValue = #getEnv('HTTP_' + %trim(header));      

  #replaceData('/%header%/':header);                   
  #replaceData('/%value%/':headerValue);               
  #writeSection();                                     
                                                       
  #cleanup();                                          
                                                       
  *INLR = *on;                                                                                       

The template (hdrtest.erpg) used is VERY simple and looks like this:

/%header%/ = /%value%/

Next, I used GETURI to make a request with a custom Authorization header:

GETURI URI('bvstools.com/cgi-bin/hdrtest') DATA('header=AUTHORIZATION')
PORT(443) USRHDR((Authorization 'Bearer x8x8x8x9x9x9x9x9x9x'))
SSL(*YES)
         

To my joy the proper information was returned:

HTTP/1.1 200 OK
Date: Tue, 18 Jul 2017 15:55:51 GMT
Server: Apache
Content-Length: 42
Connection: close
Content-Type: text/html; 
charset=ISO-8859-1

AUTHORIZATION = Bearer x8x8x8x9x9x9x9x9x9x                                                         

So, again with just some simple RPG you are able to work with the rest of the world as OAuth and OAuth types of authentication become more popular.                                                  


Last edited 07/18/2017 at 11:01:16



Latest Posts:

GreenTools for Slack (G4SLK) v3.00 Released GreenTools for Slack (G4SLK) v3.00 Released
Posted by January 17, 2020
BVSTools >> BVSTools Announcements >> GreenTools for Slack (G4SLK) Specific Announcements
Calling a QSH Command from RPG Calling a QSH Command from RPG
Posted by December 26, 2019
Programming >> RPG Programming
SPLTOOL Print Range (PRTRNG) Function Updated to Handle Spooled Files up to 999,999,999 Pages SPLTOOL Print Range (PRTRNG) Function Updated to Handle Spooled Files up to 999,999,999 Pages
Posted by December 14, 2019
BVSTools >> BVSTools Announcements >> Spooled File Tools (SPLTOOL) Specific Announcements
GreenTools for Microsoft Apps (G4MS) Updated to v6.00 - Now Uses Microsoft Graph APIs GreenTools for Microsoft Apps (G4MS) Updated to v6.00 - Now Uses Microsoft Graph APIs
Posted by November 24, 2019
BVSTools >> BVSTools Announcements >> GreenTools for Microsoft Apps (G4MS) Specific Announcements
V7R4 Changes CCSID of Compressed File Using PASE JAR Command - Here's The Fix V7R4 Changes CCSID of Compressed File Using PASE JAR Command - Here's The Fix
Posted by November 21, 2019
IBM Power Systems >> (QGPL) IBM i
Using GETURI to Make OAuth 2.0 Requests - Custom Headers for Access Tokens Using GETURI to Make OAuth 2.0 Requests - Custom Headers for Access Tokens
Posted by November 11, 2019
BVSTools >> BVSTools Software Discussion >> Get URI (GETURI) Specific Discussion
GreenTools for Microsoft Apps (G4MS) v5.00 Released with Updated OneDrive Support and 3rd Party Functionality GreenTools for Microsoft Apps (G4MS) v5.00 Released with Updated OneDrive Support and 3rd Party Functionality
Posted by October 20, 2019
BVSTools >> BVSTools Announcements >> GreenTools for Microsoft Apps (G4MS) Specific Announcements
BVSTools is Now Running V7R4M0 BVSTools is Now Running V7R4M0
Posted by September 28, 2019
BVSTools >> BVSTools Announcements
GreenTools for G Suite (G4G) Now Includes Send Mail Functionality (G4GSMAIL Addon) GreenTools for G Suite (G4G) Now Includes Send Mail Functionality (G4GSMAIL Addon)
Posted by August 27, 2019
BVSTools >> BVSTools Announcements >> GreenTools for G Suite (Google Apps) (G4G) Specific Announcements
GreenTools For G Suite (G4G) v12.00 Released With Base OAuth 2.0 Functionality GreenTools For G Suite (G4G) v12.00 Released With Base OAuth 2.0 Functionality
Posted by July 28, 2019
BVSTools >> BVSTools Announcements >> GreenTools for G Suite (Google Apps) (G4G) Specific Announcements
BVSTools Small Price Increase in 2020 BVSTools Small Price Increase in 2020
Posted by July 26, 2019
BVSTools >> BVSTools Announcements
GreenTools for Vertex Cloud (VTXCLOUD) Now Available GreenTools for Vertex Cloud (VTXCLOUD) Now Available
Posted by July 22, 2019
BVSTools >> BVSTools Announcements >> GreenTools for Vertex Cloud (VTXCLOUD) Specific Announcements
GreenTools for Google Apps (G4G) - Drive Addon Successfully Verified by Google GreenTools for Google Apps (G4G) - Drive Addon Successfully Verified by Google
Posted by July 22, 2019
BVSTools >> BVSTools Announcements >> GreenTools for G Suite (Google Apps) (G4G) Specific Announcements
Why I Cancelled my DynDNS Service and How I Replaced It with an IBM i Application Why I Cancelled my DynDNS Service and How I Replaced It with an IBM i Application
Posted by July 17, 2019
IBM Power Systems >> (QGPL) IBM i
Green Tools for G Suite (G4G) Product Updates (Licensing, Functionality, Base Product) Green Tools for G Suite (G4G) Product Updates (Licensing, Functionality, Base Product)
Posted by July 13, 2019
BVSTools >> BVSTools Announcements >> GreenTools for G Suite (Google Apps) (G4G) Specific Announcements

Reply




Copyright 1983-2020 BVSTools
GreenBoard(v3) Powered by the eRPG SDK, MAILTOOL Plus!, GreenTools for Google Apps, jQuery, jQuery UI, BlockUI, CKEditor and running on the IBM i (AKA AS/400, iSeries, System i).