Fix for broken Android Request header (version 2.2) implementation - we now ignore case for 'Authorization' header.

Dave Rochwerger · Dave Rochwerger · commit 9d9727ae68c9 · 2012-01-06T16:22:21.000-08:00
diff --git a/lib/OAuth2.php b/lib/OAuth2.php
@@ -466,6 +466,9 @@ public function verifyAccessToken($token_param, $scope = NULL) {
    * @see http://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-08#section-2.2
    * @see http://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-08#section-2.3
    * 
+   * Old Android version bug (at least with version 2.2)
+   * @see http://code.google.com/p/android/issues/detail?id=6684
+   * 
    * We don't want to test this functionality as it relies on superglobals and headers:
    * @codeCoverageIgnoreStart
    */
@@ -475,7 +478,10 @@ public function getBearerToken() {
     }
     elseif (function_exists('apache_request_headers')) {
       $requestHeaders = apache_request_headers();
-
+      
+      // Server-side fix for bug in old Android versions (a nice side-effect of this fix means we don't care about capitalization for Authorization)
+      $requestHeaders = array_combine(array_map('ucwords', array_keys($requestHeaders)), array_values($requestHeaders));
+      
       if (isset($requestHeaders['Authorization'])) {
         $headers = trim($requestHeaders['Authorization']);
       }
