Open kilianmh opened 7 months ago
Is it substantially better than just using :additional-headers?
Bearer authorization is widespread nowadays, e.g. for oauth2 and api calls.
Is it substantially better than just using
:additional-headers
?
Adding new parameters makes it more convenient and less error prone (no typo in "Bearer "
).
There is also a sanity check that basic-authorization
is not supplied at the same time with
bearer-authorization
. We could also add a check that gives an error when another
authorization header is present in :additional-headers
, but that might impact performance more.
Added
bearer-authorization
andproxy-bearer-authorization
. When(and bearer-authorization basic-authorization)
or(and proxy-bearer-authorization proxy-basic-authorization)
an error is signaled.Also added tests for error signalling and whether the authorization value appears appropriately in the header.