-
Notifications
You must be signed in to change notification settings - Fork 9.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix OAuth request helper to support Authorization header value parsing with non-leading OAuth key #8158
Fix OAuth request helper to support Authorization header value parsing with non-leading OAuth key #8158
Conversation
…g with non-leading OAuth key This prevents the Web API request validator from throwing a permissions error when OAuth is used in conjunction with Basic authorization (or other Authorization header values). Fixes #8149
Can you improve this to Beared authorization ? |
@franckgarnier21 this would require an OAuth 2.0 implementation (which doesn't exist currently, but I would imagine is on the Magento roadmap). |
In our case we have a staging website with blanket HTTP Basic in front |
@careys7 thanks, makes sense |
@franckgarnier21 OAuth 2.0 authentication with |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As far as I see OAuth specification does not state that OAuth authentication declaration should be at the first place.
@careys7 Thank you for the contribution! |
This prevents the Web API request validator from throwing a permissions error when OAuth is used in conjunction with Basic authorization (or other
Authorization
header values).Fixes #8149