bvstone

Retrieving Authorization or Other HTTP Headers With the Apache Server and RPG

Posted:

Retrieving Authorization or Other HTTP Headers With the Apache Server and RPG

I was working on a project with a customer that was using a slimmed down version of OAuth 2.0 where in the HTTP headers containing an Authorization Token.

I know that most HTTP headers are available as environment variables (or using HTTP_<headername> as the environment variable to retrieve custom headers), but this was not.  A quick search brought me to this Stack Overflow question which explains that Apache strips out the Authentication header, but also giving a workaround.

Knowing that Apache on the IBM i isn't always the same as other versions, I decided to give it a whirl anyhow.  

Step 1:  Update my Apache Configuration File (httpd.conf)

The first thing I did was add the following line to my httpd.conf file for the web server in question:

SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1

Step 2:  Restart my Apache Server Instance

The next step, to make sure that the Apache server wouldn't puke on this new configuration was to restart my Apache server instance.  I did, and what do you know, it worked (or at least it didn't crash telling me that the SetEnvIf directive was invalid)

Step 3:  Test

My next step was to test, so I wrote a simple program named HDRTEST using the eRPG SDK that looks like the following:

H DFTACTGRP(*NO) BNDDIR('ERPGSDK')                                              
 ****************************************************************               
 * Prototypes                                                   *               
 ****************************************************************               
 /COPY QCOPYSRC,P.ERPGSDK                                                       
 /COPY QCOPYSRC,P.HTTPSTD                                                       
 ****************************************************************               
 * Data read in from web page                                                   
D header          S           1024    Varying                                   
 *                                                                   
 * Work Variables                                                    
D headerValue     S           1024    Varying                        
 ****************************************************************    
  #startup();                                                        
  #writeTemplate('stdhtmlheader.erpg');                              
  #loadTemplate('hdrtest.erpg');                                     

  header = #getData('header');                                      
  headerValue = #getEnv('HTTP_' + %trim(header));      

  #replaceData('/%header%/':header);                   
  #replaceData('/%value%/':headerValue);               
  #writeSection();                                     
                                                       
  #cleanup();                                          
                                                       
  *INLR = *on;                                                                                       

The template (hdrtest.erpg) used is VERY simple and looks like this:

/%header%/ = /%value%/

Next, I used GETURI to make a request with a custom Authorization header:

GETURI URI('bvstools.com/cgi-bin/hdrtest') DATA('header=AUTHORIZATION')
PORT(443) USRHDR((Authorization 'Bearer x8x8x8x9x9x9x9x9x9x'))
SSL(*YES)
         

To my joy the proper information was returned:

HTTP/1.1 200 OK
Date: Tue, 18 Jul 2017 15:55:51 GMT
Server: Apache
Content-Length: 42
Connection: close
Content-Type: text/html; 
charset=ISO-8859-1

AUTHORIZATION = Bearer x8x8x8x9x9x9x9x9x9x                                                         

So, again with just some simple RPG you are able to work with the rest of the world as OAuth and OAuth types of authentication become more popular.                                                  


Last edited 07/18/2017 at 11:01:16



Latest Posts:

Why I Cancelled my DynDNS Service and How I Replaced It with an IBM i Application Why I Cancelled my DynDNS Service and How I Replaced It with an IBM i Application
Posted by 8 hours ago
IBM Power Systems >> (QGPL) IBM i
Green Tools for G Suite (G4G) Product Updates (Licensing, Functionality, Base Product) Green Tools for G Suite (G4G) Product Updates (Licensing, Functionality, Base Product)
Posted by July 13, 2019
BVSTools >> BVSTools Announcements >> GreenTools for G Suite (Google Apps) (G4G) Specific Announcements
Reading JSON Data from Standard Input With YAJL and RPG Reading JSON Data from Standard Input With YAJL and RPG
Posted by July 12, 2019
Programming >> Proof of Concept (POC)
MAILTOOL Updated to Allow Use of IBM Global Security Kit (GSKIT) for SSL/TLS Communications MAILTOOL Updated to Allow Use of IBM Global Security Kit (GSKIT) for SSL/TLS Communications
Posted by June 19, 2019
BVSTools >> BVSTools Announcements >> eMail Tool (MAILTOOL) Specific Announcements
GETURI v10.00 Released Supporting IBM Global Security Kit (GSKIT) and Server Name Indication (SNI) GETURI v10.00 Released Supporting IBM Global Security Kit (GSKIT) and Server Name Indication (SNI)
Posted by June 11, 2019
BVSTools >> BVSTools Announcements >> Get URI (GETURI) Specific Announcements
BVSTools Now Offers Vertex Cloud Interface BVSTools Now Offers Vertex Cloud Interface
Posted by April 15, 2019
BVSTools >> BVSTools Announcements
Token Has an Invalid Signature Error for Office 365 Email Token Has an Invalid Signature Error for Office 365 Email
Posted by March 22, 2019
BVSTools >> BVSTools Software Discussion >> GreenTools for Microsoft Apps (G4MS) Specific Discussion
Resending Emails that have Errored Out with Updated Router or Authentication Information Resending Emails that have Errored Out with Updated Router or Authentication Information
Posted by March 1, 2019
BVSTools >> BVSTools Software Discussion >> Email Tools (MAILTOOL) Specific Discussion
BVSTools Offers Toolset to Work With HubSpot OAuth 2.0 APIs On Your IBM i BVSTools Offers Toolset to Work With HubSpot OAuth 2.0 APIs On Your IBM i
Posted by January 27, 2019
BVSTools >> BVSTools Announcements
G4MSDRV Currently Not Supported G4MSDRV Currently Not Supported
Posted by January 17, 2019
BVSTools >> BVSTools Announcements >> GreenTools for Microsoft Apps (G4MS) Specific Announcements
Removing Trailing Carriage Returns and/or Line Feeds from a String with RPG Removing Trailing Carriage Returns and/or Line Feeds from a String with RPG
Posted by December 26, 2018
Programming >> RPG Programming
Create QRCODE in DDS Create QRCODE in DDS
Posted by September 21, 2018
Programming >> RPG Programming
Base64 Encoding a File with RPG Base64 Encoding a File with RPG
Posted by September 6, 2018
Programming >> RPG Programming
Building JSON with RPG and YAJL and Writing to Standard Output Building JSON with RPG and YAJL and Writing to Standard Output
Posted by August 31, 2018
Programming >> Proof of Concept (POC)
How to Delete Files or Empty Trash From Your Google Drive with your IBM i and RPG/ILE How to Delete Files or Empty Trash From Your Google Drive with your IBM i and RPG/ILE
Posted by July 24, 2018
BVSTools >> BVSTools Software Discussion >> GreenTools for G Suite (Google Apps) (G4G) Specific Discussion

Reply




Copyright 1983-2019 BVSTools
GreenBoard(v3) Powered by the eRPG SDK, MAILTOOL Plus!, GreenTools for Google Apps, jQuery, jQuery UI, BlockUI, CKEditor and running on the IBM i (AKA AS/400, iSeries, System i).