Bearer header - Githubissues

MicrosoftDocs / azure-docs

Open source documentation of Microsoft Azure

https://docs.microsoft.com/azure

Creative Commons Attribution 4.0 International

10.28k stars 21.47k forks source link

Bearer header #21390

Closed cveld closed 5 years ago

cveld commented 5 years ago

Why do you suggest to put the jwt in the custom http header "x-zumo-auth"? Wouldn't you prefer to use the authorization bearer header?

Document Details

⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.

ID: d4518495-4e07-ce2e-4045-5a50b7922b55
Version Independent ID: 034d1ba0-a737-21ab-3717-ed8798ac5fe1
Content: Advanced usage of authentication and authorization - Azure App Service
Content Source: articles/app-service/app-service-authentication-how-to.md
Service: app-service
GitHub Login: @cephalin
Microsoft Alias: cephalin

MarileeTurscak-MSFT commented 5 years ago

@cveld Thanks for your feedback! We will investigate and update as appropriate.

BryanTrach-MSFT commented 5 years ago

@cveld This is where the app service platform will be looking at by default, which is why the doc suggests to place the jwt in the x-zumo header.

We will now proceed to close this thread. If there are further questions regarding this matter, please tag me in your reply. We will gladly continue the discussion and we will reopen the issue.

cveld commented 5 years ago

@BryanTrach-MSFT maybe you can explain the origin of the name? "aZUre MObile"? And maybe you can explain the preference for such a custom header. Wouldn't it be more logical to add bearer handling to Easy Auth as well?

wanlwanl commented 5 years ago

@BryanTrach-MSFT X-ZUMO-AUTH doesn't work if the provider is AAD and the target is Azure Function api. But Authorization header works.