IdentityModel / oidc-client-js

OpenID Connect (OIDC) and OAuth2 protocol support for browser-based JavaScript applications
Apache License 2.0

Bearer token type casing? #1392

Open samuel99 opened 3 years ago

samuel99 commented 3 years ago

First off, this is my first time implementing OIDC. Keep that in mind when reading the following; my terminology might be wrong.

So, I'm using the oidc-client library to connect to an auth server from an Angular app. When I try to authenticate to an API, I append the authorization headers like so:

  getAuthorizationHeaderValue(): string {
    return `${this.user.token_type} ${this.user.id_token}`;
  }

The request looks like this:

[image]

The server does not accept bearer to be in lowercase. If I change to Bearer it works:

  getAuthorizationHeaderValue(): string {
    return `${this.capitalizeFirstLetter(this.user.token_type)} ${this.user.id_token}`;
  }
  capitalizeFirstLetter(string: string) {
    return string.charAt(0).toUpperCase() + string.slice(1);
  }

But this doesn't feel right?

If I look at the IETF spec, it says: [image] https://tools.ietf.org/id/draft-ietf-oauth-v2-bearer-13.xml#rfc.section.5.1.1

Am I doing something wrong here? Can I change it to be Bearer instead of bearer?

GuentherK commented 3 years ago

I have to say I actually never used the token_type property and instead always wrote Bearer ${user.access_token}. The access_token prop is from the oidc-client UserManager.

samuel99 commented 3 years ago

Thanks for your reply @GuentherK!

Since this is my first time implementing OIDC, I followed a tutorial, and Scott used the token_type property. But then I know it's okay to just hardcode it to Bearer. https://www.scottbrady91.com/Angular/SPA-Authentiction-using-OpenID-Connect-Angular-CLI-and-oidc-client

Thanks!
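
Added example (not part of the thread and not oidc-client code): the casing question seen from both the client and the API. It relies on RFC 6749 section 5.1 (token_type is case-insensitive), RFC 7235 section 2.1 (the Authorization scheme is case-insensitive) and the b64token grammar of RFC 6750 section 2.1. The function names and the sample user object are hypothetical, and the client sends access_token as in GuentherK's reply.

```javascript
// Added illustration; not code from oidc-client or from the thread.
// RFC 6750 section 2.1: credentials = "Bearer" 1*SP b64token
const B64TOKEN = /^[A-Za-z0-9\-._~+\/]+=*$/;

// Client side: build the header from an oidc-client style user object.
// Emits the canonical "Bearer" spelling whatever casing the token endpoint
// returned, and refuses token types this client does not understand
// (RFC 6749 section 7.1) instead of forwarding them blindly.
function buildAuthorizationHeader(user) {
  if (!user || typeof user.token_type !== "string") {
    throw new Error("missing token_type");
  }
  if (user.token_type.toLowerCase() !== "bearer") {
    throw new Error(`unsupported token_type: ${user.token_type}`);
  }
  if (typeof user.access_token !== "string" || !B64TOKEN.test(user.access_token)) {
    throw new Error("access_token is missing or not a valid b64token");
  }
  return `Bearer ${user.access_token}`;
}

// Server side: parse an incoming Authorization header value.
// The scheme is compared case-insensitively; the token must match b64token.
// Returns the token, or null when the value is not a well-formed Bearer credential.
function parseBearerHeader(headerValue) {
  if (typeof headerValue !== "string") return null;
  // scheme = HTTP token characters, then one or more spaces, then the credentials
  const match = /^([!#$%&'*+\-.^_`|~0-9A-Za-z]+) +(.+)$/.exec(headerValue);
  if (!match) return null;
  const [, scheme, credentials] = match;
  if (scheme.toLowerCase() !== "bearer") return null;
  return B64TOKEN.test(credentials) ? credentials : null;
}

// Constructed sample values (not real tokens).
const sampleUser = {
  token_type: "bearer",
  access_token: "eyJhbGciOi.constructed.sig",
  id_token: "unused-here",
};
```
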