Bearer in lowercase in authorization header #45
Comments
Hello @jngutteridge, Thanks for reporting! Sure we can take this into consideration. What about changing the keycloak-angular code to leave this value dynamic? So any changes in the future can be done through configuration. I thought to solve this issue by adding a new parameter to the KeycloakOptions interface. The default will be bearer or Bearer (I will check the standard), but you might change to whatever you need.
Hi @mauriciovigolo, thanks for your quick reply! Having a dynamic value would be great. Your proposed solution would work well and enable alternative solutions to work, should there be any non-standard setups out there. After a quick dig, it appears that despite the standard using "Bearer", HTTP headers are actually case-insensitive, so any compliant solution should manage with both: There is a Spring Security issue with the problem addressed on their end: And another with reference to Facebook and Google only accepting "Bearer": Thanks again!
Hi @jngutteridge, New feature released on v. 1.3.0. Using the property KeycloakOptions#bearerPrefix you can now set up a custom bearer prefix. Thanks for reporting!
Hi,
In keycloak.service.ts our team discovered that the lowercase "bearer" in the authorisation header causes issues with Spring Web. I appreciate this is a fussy thing to point out, and can be fixed on the back-end, but the stricter standard "Bearer" tends to be used throughout in the RFC:
https://tools.ietf.org/html/rfc6750#section-2.1
https://tools.ietf.org/html/rfc6750#section-6.1.1
This is the line concerned:
https://github.com/mauriciovigolo/keycloak-angular/blob/master/src/services/keycloak.service.ts#L328
I couldn't find any other discussion related to this in the issue tracker. Could this be taken into consideration, to change "bearer" to "Bearer"?
Many thanks
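
An added example, not code from this thread, keycloak-angular or Spring: a byte-exact server-side check for `Bearer ` next to a tolerant one that compares the auth scheme case-insensitively (RFC 7235 section 2.1) while still validating the token against the RFC 6750 `b64token` grammar. The function names and sample headers are hypothetical and constructed for illustration.

```typescript
// Added example: hypothetical helper names, constructed sample data.

// b64token grammar from RFC 6750 section 2.1.
const B64TOKEN: RegExp = /^[A-Za-z0-9\-._~+\/]+=*$/;

// Byte-exact match on "Bearer ": the kind of check that rejects a
// client sending the lowercase scheme.
function parseBearerStrict(header: string): string | null {
  return header.slice(0, 7) === "Bearer " ? header.slice(7) : null;
}

// Tolerant match: scheme compared case-insensitively, one or more
// spaces allowed before the token, token grammar still enforced.
function parseBearer(header: string | undefined): string | null {
  if (header === undefined) return null;
  const m: RegExpExecArray | null = /^(\S+) +(\S+)$/.exec(header.trim());
  if (m === null) return null; // not a "scheme credentials" pair
  const scheme: string = m[1] ?? "";
  const token: string = m[2] ?? "";
  if (scheme.toLowerCase() !== "bearer") return null; // e.g. Basic
  return B64TOKEN.test(token) ? token : null;
}

// Constructed sample token; not a real credential.
const SAMPLE_TOKEN: string = "eyJhbGciOi.constructed.sample";

// Constructed Authorization header values.
const samples: string[] = [
  `Bearer ${SAMPLE_TOKEN}`,      // accepted by both checks
  `bearer ${SAMPLE_TOKEN}`,      // the value reported in this issue
  `BEARER   ${SAMPLE_TOKEN}`,    // upper case, several spaces
  `Basic ${SAMPLE_TOKEN}`,       // different scheme: rejected
  `bearer ${SAMPLE_TOKEN} extra` // trailing data: rejected
];

for (const h of samples) {
  console.log(JSON.stringify(h),
    "strict:", parseBearerStrict(h),
    "tolerant:", parseBearer(h));
}
```
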