99designs / http-signatures-php

Sign and verify PSR-7 HTTP messages in PHP.
MIT License

Separate Authorization and Signature headers #37

Closed liamdennehy closed 5 years ago

liamdennehy commented 6 years ago

These two headers have different meanings and intentions, and it may not be safe to simply issue both for all requests. PR #36 implements separate sign and authorize methods to generate these headers individually.

liamdennehy commented 5 years ago

I'm consulting on an implementation now where the Authorization header uses a (bearer) token retrieved from an OAuth2 service, and the Signature header from this protocol. Using this library as-is (generating both) would either overwrite the Authorization header (losing the token) or add a second Authorization header, which most implementations would probably not understand, or some may outright reject if they're not expecting it.

This is a required change IMHO, though I realise the potential for BC impact.
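The conflict described in the comment above, as an added PHP example (not code from http-signatures-php or from PR #36): a `sign()` that emits a `Signature` header beside an existing `Authorization: Bearer` token, and an `authorize()` that refuses to overwrite one. The array-backed request, key id, secret and token are constructed stand-ins, not real values.

```php
<?php
// Added example, not code from http-signatures-php. Headers are kept in a
// plain lowercase-keyed array as a stand-in for a PSR-7 request so it runs
// without Composer; the key id, secret and token are constructed values.
/** Build the draft-cavage signing string for the named headers, in order. */
function signingString(string $method, string $path, array $headers, array $names): string
{
    $lines = [];
    foreach ($names as $name) {
        $lines[] = $name === '(request-target)'
            ? '(request-target): ' . strtolower($method) . ' ' . $path
            : $name . ': ' . trim($headers[$name]);
    }
    return implode("\n", $lines);
}
/** Signature parameters shared by both header forms (HMAC-SHA256 here). */
function signatureParams(string $keyId, string $secret, string $method, string $path, array $headers, array $names): string
{
    $mac = hash_hmac('sha256', signingString($method, $path, $headers, $names), $secret, true);
    return sprintf('keyId="%s",algorithm="hmac-sha256",headers="%s",signature="%s"',
        $keyId, implode(' ', $names), base64_encode($mac));
}
/** sign(): emit a Signature header and leave Authorization untouched. */
function sign(array $headers, string $params): array
{
    $headers['signature'] = $params;
    return $headers;
}
/** authorize(): emit "Authorization: Signature ...", refusing to clobber an existing credential. */
function authorize(array $headers, string $params): array
{
    if (isset($headers['authorization'])) {
        throw new RuntimeException('Authorization already carries a credential; use sign() instead');
    }
    $headers['authorization'] = 'Signature ' . $params;
    return $headers;
}
// Constructed request that already carries an OAuth2 bearer token.
$headers = ['host' => 'api.example.test', 'date' => gmdate('D, d M Y H:i:s \G\M\T'),
            'authorization' => 'Bearer PLACEHOLDER_TOKEN'];
$names = ['(request-target)', 'host', 'date'];
$params = signatureParams('client-key-1', 'constructed-shared-secret', 'GET', '/orders', $headers, $names);
$signed = sign($headers, $params);            // bearer token and Signature header coexist
echo $signed['authorization'], PHP_EOL, 'Signature: ', $signed['signature'], PHP_EOL;
try {
    authorize($headers, $params);             // would have replaced the bearer token
} catch (RuntimeException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```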

liamdennehy commented 5 years ago

Closing issue due to inactivity.