Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Allow overriding the Authorization header #143

Open
wants to merge 2 commits into
base: master
Choose a base branch
from

Conversation

SibrenTalens
Copy link

In our project we need a separate token for mutations. I expected to be able to override the Authorization header like this:

    const headers = {'Authorization': `Bearer ${state.token}`};

    return client.update(resource, {headers});

However, the tokenResponse takes presence.

@vlad-ignatov
Copy link
Collaborator

In our project we need a separate token for mutations

Can you explain how that works? Do you get different permissions based on the token you use (but still only use one token for everything), or do you expect to somehow work with multiple tokens depending on what you are about to do?

It seems to me that your proposed change would lock the authorization header to whatever is provided in requestOptions (if any). In other words, imagine the following sequence:

  1. You authorize and get an access token and a refresh token
  2. You use your app for a while and the access token expires
  3. You make another request and pass your own authorization header as an option
    • At that moment the library would detect the expired access token and fetch new one
    • Then, despite having a fresh access token, your authorization header will override it

Is that the intended behavior here?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants