php superglobal function ($GLOBALS[‘headers’][‘Authorization’]) in never set. why?

  authorization, oauth-2.0, php, superglobals, token

I have php function that is supposed to verify if there is a token, and if so, search my table for a company name that matches. The function works fine when I use xampp in localhost. When I do it in prod on the server, it gives me a ‘token undefined’ error, What could possibly be causing the error?
my php function

    public function findCompany(){
        echo "global var= ";
//        var_dump($GLOBALS['headers']['Authorization']);
//        var_dump($GLOBALS);

        if (isset($GLOBALS['headers']['Authorization'])) {
            if ($id = $this->VerifyUserToken($GLOBALS['headers']['Authorization'], $_SERVER['REMOTE_ADDR'])) {
        $data = [
            'company_name' => $_POST['company_name']

        $companies = $this->currentModel->findCompany($data);

            echo json_encode($companies);
        } else {
            echo json_encode(['success' => false]);
            else {
                echo json_encode(['success' => false, 'error' => "invalid token"]);

        } else {
            echo json_encode(['success' => false, 'error' => "token undefined"]);



the verifyUserToken function

public function verifyUserToken($token, $ip) {
        $db = new Database();

        $db->query('SELECT * FROM auth WHERE token = :token AND expiry >now()');

        $db->bind(':token', $token);
        //check database if token exists and is not expired
        if($res = $db->single()) {
            // checks if token matches to ip address
            // returns user or contact id if verified else returns false
            if($res->token === $token && $res->ip === $ip) {
                if($res->user_id >0) {
                    return $res->user_id;
            } else {
                return false;
        } else {
            return false;


I checked the database, and the token is clearly there. anyway, it’s not giving me an invalid token message. it looks like the token isn’t being sent.
It works fine when I do it in localhost on my machine.

IN order to debug, I used var_dump to see what gets sent. I don’t have much experience with PHP, but it looks like my headers authorizations never gets set. what could be the solution

see the images and code below for what I get in the console when I try. I truncated some of the paths for security purposes

        echo "global var= ";
you get
    array(13) {
      string(20) ""
      string(10) "keep-alive"
      string(2) "15"
      string(8) "no-cache"
      string(8) "no-cache"
      string(33) "application/json, text/plain, */*"
      string(115) "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36"
      string(33) "application/x-www-form-urlencoded"
      string(27) ""
      string(59) ""
      string(13) "gzip, deflate"
      string(14) "en-US,en;q=0.9"
      string(31) "_ga=GA1.2.1321601484.1609694939"

echo "global var= ";

echo "global var= ";


Source: Ask PHP