Closed dancastillo closed 9 months ago
@mcollina
Should we use @fastify/error to create FST_BEARER_AUTH_MISSING_AUTHORIZATION_HEADER and FST_BEARER_AUTH_INVALID_AUTHORIZATION_HEADER and use that instead? Would also be better passing them to the callback instead of native Node Errors?
I am ok with this. I would probably create a follow up PR in the few days to straighten this up.
Is verifying authtype suppose to be case sensitive ? I'm think it should not be. Found this : https://github.com/lexik/LexikJWTAuthenticationBundle/issues/411
Checklist
This PR fixes issue where any string with same length as
bearer
passes validation ex:AAAAAA auth_key
. fixes https://github.com/fastify/fastify-bearer-auth/issues/164npm run test
andnpm run benchmark