ant-media / Ant-Media-Server

Ant Media Server is a live streaming engine software that provides adaptive, ultra low latency streaming by using WebRTC technology with ~0.5 seconds latency. Ant Media Server is auto-scalable and it can run on-premise or on-cloud.
https://antmedia.io

JWT REST API Authorization Also Read JWT From Authorization: Bearer Field #6516

Closed lastpeony closed 4 weeks ago

lastpeony commented 3 months ago

Discussed in https://github.com/orgs/ant-media/discussions/6475

Originally posted by **djegithub** July 9, 2024

Hi all,

I'm working with Ant Media Server Enterprise 2.9.0 and code generation from the OpenAPI with [openapi-generator-maven-plugin](https://github.com/OpenAPITools/openapi-generator/tree/master/modules/openapi-generator-maven-plugin).

I'm using JWT authentication for the REST API and added the security scheme of the OpenAPI:

```json
"securitySchemes": {
  "bearerAuth": {
    "type": "http",
    "scheme": "bearer",
    "bearerFormat": "JWT"
  }
}
```

The generation of code uses the standard Authorization header as defined here: [https://www.rfc-editor.org/rfc/rfc6750#section-2.1](https://www.rfc-editor.org/rfc/rfc6750#section-2.1) and there: [https://swagger.io/docs/specification/authentication/bearer-authentication/](https://swagger.io/docs/specification/authentication/bearer-authentication/).

My issue is that Ant Media API takes a header: "Authorization: " instead of the standard "Authorization: Bearer". Ant Media is not wrong in the sense the "Bearer" part is a SHOULD in the RFC, but it would be great if the server was able to cope with both so code generation works out of the box instead of adding a workaround. For now, I need to add an extra filter to fix that.

Would it be possible to apply this basic backward compatible fix? In Java, which I think is used:

```java
headerValue.replaceFirst("^Bearer ", "")
```

Open for discussion :-)

Summary: Read jwt from Authorization: Bearer if it does not exist on Authorization: field on JWT REST Authentication
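As an added example (not part of the original thread and not Ant Media Server's code), here is one way a server-side filter could accept both header forms described in the post above. It goes beyond the one-line `replaceFirst` suggestion by matching the scheme case-insensitively, allowing several spaces, and rejecting values that are not shaped like a compact JWT. The class and method names are hypothetical, and the sample token is a constructed placeholder.

```java
import java.util.Optional;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added example: names are hypothetical, not taken from the Ant Media Server code base.
public class AuthorizationHeaderToken {

    // RFC 7235 makes the auth-scheme case-insensitive; RFC 6750 separates
    // the scheme from the token with one or more spaces.
    private static final Pattern BEARER =
            Pattern.compile("^Bearer +(\\S+)$", Pattern.CASE_INSENSITIVE);

    // Compact JWS form: three non-empty base64url segments joined by dots.
    // Requiring a non-empty third segment also drops unsigned tokens early.
    private static final Pattern COMPACT_JWT =
            Pattern.compile("^[A-Za-z0-9_-]+\\.[A-Za-z0-9_-]+\\.[A-Za-z0-9_-]+$");

    /** Returns the raw token from either header form, or empty if unusable. */
    public static Optional<String> extractToken(String headerValue) {
        if (headerValue == null) {
            return Optional.empty();
        }
        String value = headerValue.trim();
        Matcher m = BEARER.matcher(value);
        // "Authorization: Bearer <token>" -> captured group,
        // "Authorization: <token>"        -> whole value (legacy form).
        String candidate = m.matches() ? m.group(1) : value;
        // A bare "Bearer", another scheme such as "Basic ...", or a value with
        // embedded spaces fails the shape check and never reaches verification.
        return COMPACT_JWT.matcher(candidate).matches()
                ? Optional.of(candidate)
                : Optional.empty();
    }

    public static void main(String[] args) {
        // Constructed placeholder with the right shape; not a validly signed JWT.
        String jwt = "aGVhZGVy.cGF5bG9hZA.c2lnbmF0dXJl";
        String[] samples = {
            jwt, "Bearer " + jwt, "bearer   " + jwt,
            "Bearer", "Basic dXNlcjpwdw==", "Bearer a b", null
        };
        for (String s : samples) {
            System.out.println("[" + s + "] -> " + extractToken(s).orElse("<rejected>"));
        }
    }
}
```

The returned string still has to pass the server's normal JWT signature and claim verification; this step only normalizes the header value.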

burak-58 commented 3 months ago

Thank you @djegithub and @lastpeony for discussing this and converting it to an issue. We can check this and make it compatible with the standard.

mekya commented 4 weeks ago

Thank you for the development @lastpeony

It's merged and can be closed.