Closed mootari closed 9 months ago
Thanks for reporting! Would you like to send a Pull Request to address this issue? Remember to add unit tests.
I'm afraid not. In practice this is not an issue for me and doesn't warrant spending more of my time on it. I just wanted to make sure it gets logged. 🙏
Prerequisites
Fastify version
4.24.3
Plugin version
9.1.0
Node.js version
18.13.0
Operating system
macOS
Operating system version (i.e. 20.04, 11.3, 10)
13.6.1
Description
The plugin does not verify that the authentication scheme passed in the authorization header matches the value of bearerType. Additionally the string length comparison allows for the scheme to be one character shorter.
Steps to Reproduce
Create server.mjs:
Run:
Expected Behavior
The server should respond with 401 Unauthorized if the authorization scheme does not match bearerType.
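The scheme check described in this report, as an added example that is not part of the original issue and is not the plugin's code. `looseExtract` is a constructed model of the reported behaviour, `strictExtract` is one way to enforce the expected behaviour; both function names, the sample headers, the key `s3cret`, and the choice of an exact, case-sensitive scheme match are assumptions.

```javascript
'use strict'

// Constructed model of the behaviour described in the report (not the plugin's
// source): the scheme text is never compared with bearerType, and the length
// check lets a header through whose scheme is one character short.
function looseExtract (header, bearerType = 'Bearer') {
  if (typeof header !== 'string' || header.length < bearerType.length) return null
  const token = header.substring(bearerType.length).trim()
  return token === '' ? null : token
}

// Strict variant: the header must be exactly "<bearerType> <token>".
// A null result is what the caller should turn into 401 Unauthorized.
function strictExtract (header, bearerType = 'Bearer') {
  if (typeof header !== 'string') return null
  const prefix = bearerType + ' '
  // Need the full scheme, the separating space and at least one token character.
  if (header.length <= prefix.length) return null
  // Compare the scheme itself, not only its length (exact match is an assumption).
  if (header.slice(0, prefix.length) !== prefix) return null
  const token = header.slice(prefix.length)
  // Reject whitespace and control characters inside the token.
  if (!/^[\x21-\x7e]+$/.test(token)) return null
  return token
}

// Constructed sample headers; "s3cret" is a made-up key.
const SAMPLES = [
  'Bearer s3cret', // correct scheme
  'Basic s3cret', // wrong scheme, one character shorter than bearerType
  'Xearer s3cret', // wrong scheme, same length as bearerType
  'Bearers3cret', // no separator between scheme and token
  'Bearer ' // scheme only, no token
]

// Token each extractor hands to key comparison (null means respond 401).
function compare (samples = SAMPLES) {
  return samples.map(header => ({
    header,
    loose: looseExtract(header),
    strict: strictExtract(header)
  }))
}

console.table(compare())
```
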