Closed liamdennehy closed 5 years ago
I'm consulting on an implementation now where the Authorization header uses a (bearer) token retrieved from an OAuth2 service, and Signature header from this protocol. Using this library as-is (generating both) would either overwrite the Authorization header (losing the token) or add a second Authorization header, which most implementations would probably not understand or some may outright reject if they're not expecting it.
This is a required change IMHO, though I realise the potential for BC impact.
Closing issue due to inactivity.
These two headers have different meanings and intentions, and it may not be safe to simply issue both for all requests. PR #36 implements separate
sign
andauthorize
methods to generate these headers individually.