stassats
commented
6 months ago Is it substantially better than just using :additional-headers?
Open kilianmh opened 6 months ago
stassats
commented
6 months ago Is it substantially better than just using :additional-headers?
kilianmh
commented
6 months ago Bearer authorization is widespread nowadays, e.g. for oauth2 and api calls.
Is it substantially better than just using
:additional-headers?
Adding new parameters makes it more convenient and less error prone (no typo in "Bearer ").
There is also a sanity check that basic-authorization is not supplied at the same time with
bearer-authorization. We could also add a check that gives an error when another
authorization header is present in :additional-headers, but that might impact performance more.
Added
bearer-authorizationandproxy-bearer-authorization. When(and bearer-authorization basic-authorization)or(and proxy-bearer-authorization proxy-basic-authorization)an error is signaled.Also added tests for error signalling and whether the authorization value appears appropriately in the header.