Add support for "Authorization: Bearer KEY" to follow the RFC 6750 #1830

Closed
wants to merge 1 commit into from

Commits on Jan 25, 2024

  1. Add support for "Authorization: Bearer KEY" to follow the RFC 6750

    ATM a non-authenticated request receives a 401 response with "Bearer" as the
    auth-scheme:
    
        ❯ curl --verbose -J -L -X 'GET' 'http://localhost:8000/api/assets/ac212d93-525a-4454-afdd-85b90aad6143/download/' 2>&1 | grep WW-A
        < WWW-Authenticate: Bearer realm="api"
    
    But according to
    https://developer.mozilla.org/en-US/docs/Web/HTTP/Authentication#authentication_schemes
    and in particular https://datatracker.ietf.org/doc/html/rfc6750, for such a
    request the client should provide "Authorization: Bearer KEY", not "Authorization:
    token KEY".
    
    This commit adds support for both so we could follow the standard and retain
    support for already implemented client solutions. Such an approach is also taken by
    the GitHub API:
    https://docs.github.com/en/rest/authentication/authenticating-to-the-rest-api?apiVersion=2022-11-28
    
    Verification of functionality:
    
    	❯ curl -J -L -X 'GET' 'http://localhost:8000/api/assets/ac212d93-525a-4454-afdd-85b90aad6143/download/'
    	{"detail":"Authentication credentials were not provided."}%
    	❯ curl -J -L -X 'GET' 'http://localhost:8000/api/assets/ac212d93-525a-4454-afdd-85b90aad6143/download/?content_disposition=attachment' -H 'Authorization: Bearer 21a587dff19ec6956364443b97414d8bb4331b09'
    	MYDATA
    	❯ curl -J -L -X 'GET' 'http://localhost:8000/api/assets/ac212d93-525a-4454-afdd-85b90aad6143/download/?content_disposition=attachment' -H 'Authorization: token 21a587dff19ec6956364443b97414d8bb4331b09'
    	MYDATA
    	❯ curl -J -L -X 'GET' 'http://localhost:8000/api/assets/ac212d93-525a-4454-afdd-85b90aad6143/download/?content_disposition=attachment' -H 'Authorization: Token 21a587dff19ec6956364443b97414d8bb4331b09'
    	MYDATA
    	❯ curl -J -L -X 'GET' 'http://localhost:8000/api/assets/ac212d93-525a-4454-afdd-85b90aad6143/download/?content_disposition=attachment' -H 'Authorization: dragon 21a587dff19ec6956364443b97414d8bb4331b09'
    	{"detail":"Authentication credentials were not provided."}
    
    Closes #1825
    yarikoptic committed Jan 25, 2024
    ae67776
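
The acceptance rule the commit message verifies with curl, sketched as a stand-alone function. This is an added example, not code from the pull request: the function name, the in-memory key store and the sample key are constructed for illustration, and rejecting a header with extra fields is an assumption of the sketch.

```python
import hmac

# Keywords accepted in the Authorization header. HTTP auth-scheme names are
# case-insensitive, so "token", "Token" and "Bearer" all normalise to these.
ACCEPTED_SCHEMES = {"bearer", "token"}

# Challenge returned with every 401, matching the header shown in the commit message.
CHALLENGE = {"WWW-Authenticate": 'Bearer realm="api"'}

# Constructed sample key store (key -> user); not a real credential.
API_KEYS = {"0123456789abcdef0123456789abcdef01234567": "alice"}


def authenticate(headers, keys=API_KEYS):
    """Return (status, response_headers, user) for a dict of request headers."""
    # Header names are case-insensitive as well.
    value = next((v for k, v in headers.items() if k.lower() == "authorization"), None)
    if value is None:
        return 401, CHALLENGE, None

    parts = value.split()
    # An unknown scheme ("dragon") is handled like absent credentials.
    if not parts or parts[0].lower() not in ACCEPTED_SCHEMES:
        return 401, CHALLENGE, None
    # Exactly one credential must follow the scheme (assumption of this sketch):
    # "Bearer" alone or "Bearer a b" is rejected.
    if len(parts) != 2:
        return 401, CHALLENGE, None

    presented = parts[1].encode("utf-8", "replace")
    user = None
    for key, name in keys.items():
        # Constant-time comparison so response timing does not leak key prefixes.
        if hmac.compare_digest(key.encode(), presented):
            user = name
    if user is None:
        return 401, CHALLENGE, None
    return 200, {}, user
```
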