Chaining $response methods

Cheers,

i am fairly new to slim and programming in php altogether. i’m enjoying the framework quite a lot so far.

i’m sending my jwt in every response header with

// withHeader() takes a header name and a value
return $response->withStatus(200)->withHeader('token', $token);

that works as expected. if i add a withRedirect() or another withHeader('Location', 'my route') the token gets lost in space.

is there a possibility to add an array of headers to ->withHeader()? like [['token', $token], ['Location', 'my route']]?
or maybe there is some neat other way?

thanks in advance!

ps: i followed daniel opitz’s tutorial on slim 4 - thanks a lot for that. i couldn’t implement the jwtAuthentication from mika tuupola to that setup, that’s why i’m running the withHeader thing for now…

Welcome @stefanvz

A redirection in the HTTP protocol doesn’t support adding any headers to the target location. It’s basically just a header in itself and only allows a URL.

HTTP/1.1 307 Temporary Redirect
Location: https://example.com/

When you are adding your token header you are only sending that header back to the client:

HTTP/1.1 307 Temporary Redirect
Location: https://example.com/
token: ...

Other than HTTP cookies, there’s nothing in the protocol specification about forwarding headers. The client needs to implement this functionality.

If you only need the JWT in your client JavaScript, consider adding it as a search param to the redirect URL. The search params won’t be sent to the server when requesting a URL, so the token shouldn’t end up in any logs.

PHP

$response = $response->withRedirect('https://example.com#token={jwt}');

JavaScript

// The redirect URL carries the token after '#', so read it from location.hash
const token = new URLSearchParams(document.location.hash.slice(1)).get('token')
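Added example, not part of the posts in this thread: a sketch of the client side of the redirect hand-off shown above. It compares what the browser sends to the server for a token placed after `#` versus after `?`, then reads the token from the fragment and strips it from the address bar. The function names and sample URLs are assumptions made for illustration.

```javascript
// Hypothetical helper: the part of a URL the browser puts on the HTTP
// request line (path + query). The fragment is never transmitted.
function requestTarget(href) {
  const url = new URL(href);
  return url.pathname + url.search;
}

// Hypothetical helper: read `token` from the fragment and return the URL
// with that parameter removed, so it can be scrubbed from history.
function takeTokenFromFragment(href) {
  const url = new URL(href);
  const params = new URLSearchParams(url.hash.slice(1)); // drop leading '#'
  const token = params.get('token'); // null when the fragment has no token
  params.delete('token');
  url.hash = params.toString(); // an empty string removes the fragment
  return { token, cleanedHref: url.href };
}

// Constructed sample values, not real tokens.
const viaFragment = 'https://example.com/app#token=aaa.bbb.ccc&tab=profile';
const viaQuery = 'https://example.com/app?token=aaa.bbb.ccc';

console.log(requestTarget(viaFragment)); // token stays in the browser
console.log(requestTarget(viaQuery));    // token reaches the server and its logs

// Browser usage, guarded so the block also runs under Node.
if (typeof window !== 'undefined') {
  const { token, cleanedHref } = takeTokenFromFragment(window.location.href);
  if (token) {
    // Remove the token from the address bar and session history
    // before any navigation or bookmark can capture it.
    history.replaceState(null, '', cleanedHref);
    // Hand `token` to the application's own storage or API layer here.
  }
}
```
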

understood. thanks for your advice, will refactor my service and the client.

update: the cookie variant sounds promising. read some about http_only and other security settings lately. will scan through docs and forum to find prior discussions on the topic.