felangel / fresh

🍋 A token refresh library for Dart.
https://github.com/felangel/fresh
360 stars 57 forks source link

[fresh_graphql] wrong Bearer case #83

Closed subzero911 closed 4 months ago

subzero911 commented 1 year ago

1) OAuth2Token has "bearer" token type by default but the proper name is "Bearer" Case is crucial here, I cannot perform the request with "bearer". I debugged for an hour to find a reason! 2) Auth header name is "authorization", but it should be "Authorization". It doesn't really matter, header "authorization" has been accepted too, but it's still not correct.

felangel commented 4 months ago

According to RFC 7235 Section 2.1, the auth-scheme part of an HTTP Authorization header is case-insensitive.

That means Authorization: Bearer aaa111ccc and Authorization: bearer aaaccc (and also authorization: bearer aaa111ccc, since header names are also case-insensitive) must be treated identically.