This repository has been archived by the owner on May 31, 2022. It is now read-only.
Authorization header contains lowercase bearer authorization scheme #558
Labels
Comments
|
If the server sends "Bearer" in it's access token response then Spring OAuth will honour that I believe. This seems like a duplicate of #457 in any case. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
As https://tools.ietf.org/html/rfc6750#section-2.1 states,
Clients SHOULD make authenticated requests with a bearer token using
the "Authorization" request header field with the "Bearer" HTTP
authorization scheme.
Unfortunately, DefaultOAuth2AccessToken lowercases the Bearer authorization scheme ( BEARER_TYPE.toLowerCase())
This causes the OAuth2RestTemplate to insert an authorization header with lowercase bearer authorization scheme. Some server implementations fail on the lowercase bearer authorization scheme
The text was updated successfully, but these errors were encountered: