CRISP-7

'Bearer' in Authorization header value to be case-sensitive option


    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Normal
    • Resolution: Fixed
    • Affects Version/s: 2.0.1
    • Fix Version/s: 2.1.0
    • Labels:
      None

      Description

      According to the specification [1], the header value for 'Authorization' must be case-insensitive.
      For example, the following two must not make a difference:

      Authorization: Bearer 15a75234561c0817461234579153203ebcd54321
      
      Authorization: bearer 15a75234561c0817461234579153203ebcd54321
      

      However, some servers do not understand the request if the second one, bearer ..., is used.
      By the way, some REST client frameworks always use the lower-cased bearer ... for some reason:

      Some servers, such as WebDAM (https://webdam.com/)'s REST API (ref: https://www.damsuccess.com/hc/en-us/articles/202134055-REST-API) or the Amazon REST API (ref: https://github.com/golang/oauth2/issues/113), unfortunately do not take the Authorization header correctly if the header value is lower-cased.

      Strictly speaking, the server implementations were wrong, and REST client frameworks such as spring-security-oauth do not have a problem.
      However, practically, it's not easy to get those external servers fixed correctly in time.

      Therefore, I think it's better to provide a custom org.springframework.security.oauth2.client.DefaultOAuth2RequestAuthenticator class in the CRISP API to correct the header value to Bearer ... all the time.

      [1] https://tools.ietf.org/html/rfc2617#section-1.2
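
One way the authenticator proposed in the description could look, as an added example that is not CRISP's or spring-security-oauth's own code. The class name `CanonicalBearerRequestAuthenticator` and the helper `canonicalizeScheme` are hypothetical, and the sketch assumes spring-security-oauth2 2.x on the classpath.

```java
import org.springframework.http.HttpHeaders;
import org.springframework.http.client.ClientHttpRequest;
import org.springframework.security.oauth2.client.DefaultOAuth2RequestAuthenticator;
import org.springframework.security.oauth2.client.OAuth2ClientContext;
import org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetails;
import org.springframework.security.oauth2.common.OAuth2AccessToken;

/** Hypothetical class (added example): always sends the scheme as "Bearer". */
public class CanonicalBearerRequestAuthenticator extends DefaultOAuth2RequestAuthenticator {

    @Override
    public void authenticate(OAuth2ProtectedResourceDetails resource,
                             OAuth2ClientContext clientContext,
                             ClientHttpRequest request) {
        // Let the default implementation build "<token type> <token value>" first;
        // it also throws if the client context holds no access token.
        super.authenticate(resource, clientContext, request);

        HttpHeaders headers = request.getHeaders();
        String original = headers.getFirst("Authorization");
        String canonical = canonicalizeScheme(original);
        if (canonical != null && !canonical.equals(original)) {
            headers.set("Authorization", canonical);
        }
    }

    /**
     * Hypothetical helper: rewrites "bearer x", "BEARER x", ... to "Bearer x".
     * Only the scheme changes; the token is copied verbatim and never logged.
     * Values using any other scheme, or without credentials, are returned unchanged.
     */
    static String canonicalizeScheme(String headerValue) {
        if (headerValue == null) {
            return null;
        }
        String trimmed = headerValue.trim();
        int sep = trimmed.indexOf(' ');
        if (sep < 0) {
            return headerValue; // scheme only, nothing to rewrite
        }
        String scheme = trimmed.substring(0, sep);
        if (!OAuth2AccessToken.BEARER_TYPE.equalsIgnoreCase(scheme)) {
            return headerValue; // Basic, Digest, ... stay as they are
        }
        return OAuth2AccessToken.BEARER_TYPE + " " + trimmed.substring(sep + 1).trim();
    }
}
```

An instance is installed with `OAuth2RestTemplate.setAuthenticator(...)`, so that every outgoing request from that template carries the canonical scheme.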


              People

              • Assignee:
                wko Woonsan Ko
                Reporter:
                wko Woonsan Ko