AuthorizationHeader
Pair\Http\AuthorizationHeader centralizes parsing for HTTP Authorization headers.
It is shared by Request, OAuth2Token, and the Pair API bootstrap path so Basic and Bearer credentials are read consistently across SAPIs.
Different web servers expose the Authorization header through different PHP variables. Pair checks the common server keys and falls back to apache_request_headers() when available.
This avoids having one auth path read HTTP_AUTHORIZATION while another misses the same request.
Reads the raw Authorization header from the current request environment.
It checks:
- Authorization
- HTTP_AUTHORIZATION
- REDIRECT_HTTP_AUTHORIZATION
- apache_request_headers() fallback
The returned value is trimmed, and empty values become null.
Reads the raw header from a server-like array. This is useful for tests and for code that wants deterministic input.
```php
$header = \Pair\Http\AuthorizationHeader::fromServer([
    'HTTP_AUTHORIZATION' => 'Bearer opaque-token',
]);
```

Extracts a Bearer token case-insensitively.

```php
$token = \Pair\Http\AuthorizationHeader::bearerToken('Bearer opaque-token');
```

Only the standard Bearer <token> shape is accepted.
Extracts Basic credentials from a valid Authorization header.
```php
$credentials = \Pair\Http\AuthorizationHeader::basicCredentials(
    'Basic ' . base64_encode('client-id:client-secret')
);
```

The returned array contains:
- id
- secret
Invalid base64 data, missing separators, and empty IDs or secrets return null.
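The parsing rules described above, written out as stand-alone PHP 8 functions. This is an added example, not Pair's code: the function names are hypothetical, the key order follows the list above, and the Bearer token alphabet is the RFC 6750 b64token syntax, assumed to be what the standard shape means.

```php
<?php
declare(strict_types=1);
// Added illustration, not Pair's implementation; function names are hypothetical.

/** First non-empty, trimmed Authorization value from a server-like array. */
function rawAuthorization(array $server): ?string
{
    foreach (['Authorization', 'HTTP_AUTHORIZATION', 'REDIRECT_HTTP_AUTHORIZATION'] as $key) {
        $value = trim((string) ($server[$key] ?? ''));
        if ($value !== '') {
            return $value;
        }
    }
    return null;
}

/** Accept only "Bearer <token>": scheme case-insensitive, one token, no trailing data. */
function strictBearer(?string $header): ?string
{
    // D modifier: "$" must not match before a trailing newline.
    $ok = preg_match('/^Bearer +([A-Za-z0-9\-._~+\/]+=*)$/iD', (string) $header, $m);
    return $ok === 1 ? $m[1] : null;
}

/** Decode "Basic <base64(id:secret)>"; null on bad base64, no colon, or empty part. */
function strictBasic(?string $header): ?array
{
    if (preg_match('/^Basic +(\S+)$/iD', (string) $header, $m) !== 1) {
        return null;
    }
    $decoded = base64_decode($m[1], true); // strict: false on characters outside the alphabet
    if ($decoded === false || !str_contains($decoded, ':')) {
        return null;
    }
    [$id, $secret] = explode(':', $decoded, 2); // split on the first colon only
    return ($id === '' || $secret === '') ? null : ['id' => $id, 'secret' => $secret];
}

// Constructed sample inputs covering the accepted shape and each rejection case.
var_dump(rawAuthorization(['REDIRECT_HTTP_AUTHORIZATION' => ' Bearer opaque-token ']));
var_dump(strictBearer('bearer opaque-token'));
var_dump(strictBearer('Bearer two tokens'));
var_dump(strictBasic('Basic ' . base64_encode('client-id:client-secret')));
var_dump(strictBasic('Basic ' . base64_encode('client-id:')));
var_dump(strictBasic('Basic ' . base64_encode('no-separator')));
var_dump(strictBasic('Basic not*base64'));
```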
Request delegates header('Authorization') and bearerToken() to this helper.
OAuth2Token also uses this helper so legacy OAuth bearer checks and mobile/API bearer checks parse the same header value.
- Reading only $_SERVER['HTTP_AUTHORIZATION'] in custom code.
- Treating any value after Bearer as valid without checking the standard shape.
- Logging raw Authorization headers while debugging authentication failures.
See also: Request, OAuth2Token, ApiController, ApiToken, API.