The loopback3 version of backend accepts tokens via the access_token query parameter. The nest.js version accepts them via the Authorization: bearer header. Should the nest.js implementation accept both so that existing clients are more compatible?
Summary
In https://github.com/SciCatProject/pyscicat/pull/10#discussion_r811001158, we discuss how to send the token for pyscicat. Since that project is relatively new, several possibilities exist for maintaining forward compatibility with the nest.js implementation. However, before we bake a solution, I wanted to raise the possibility of supporting both methods of accepting access token in nest.js as there probably multiple clients that exist (pyscicat, the React-based app from MAX-IV, custom code that has been written at RFI).
Access Token
The loopback3 version of backend accepts tokens via the
access_tokenquery parameter. The nest.js version accepts them via theAuthorization: bearerheader. Should the nest.js implementation accept both so that existing clients are more compatible?Summary
In https://github.com/SciCatProject/pyscicat/pull/10#discussion_r811001158, we discuss how to send the token for
pyscicat. Since that project is relatively new, several possibilities exist for maintaining forward compatibility with the nest.js implementation. However, before we bake a solution, I wanted to raise the possibility of supporting both methods of accepting access token in nest.js as there probably multiple clients that exist (pyscicat, the React-based app from MAX-IV, custom code that has been written at RFI).