Currently, any lowercase or mixed case scheme parameter passed to JWTAuthenticationPolicy() will fail checks because _get_params() applies the upper() method to the request's scheme name but not to the custom scheme name, to which it is compared.
Example:
With scheme = 'Bearer', all of these headers currently fail auth:
Authorization: Bearer token="..."
Authorization: bearer token="..."
Authorization: BEARER token="..."
But with scheme = 'BEARER', they all pass.
As the most commonly used scheme is (probably) the mixed cased 'Bearer', it should probably not automatically fail...grin.
Currently, any lowercase or mixed case scheme parameter passed to JWTAuthenticationPolicy() will fail checks because _get_params() applies the upper() method to the request's scheme name but not to the custom scheme name, to which it is compared.
Example: With scheme = 'Bearer', all of these headers currently fail auth: Authorization: Bearer token="..." Authorization: bearer token="..." Authorization: BEARER token="..." But with scheme = 'BEARER', they all pass.
As the most commonly used scheme is (probably) the mixed cased 'Bearer', it should probably not automatically fail...grin.