Open codecowboy opened 8 years ago
I see this comment in strategy.js:
`Authorization` header field, `access_token` body parameter, or `access_token` query parameter.
This is in a project which has passport-http-bearer as dependency (version 1.0.1)- https://github.com/NodeBB/nodebb-plugin-write-api
I've tried asking the maintainer of that project but he says the following code is not his:
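/**
 * Authenticate a request using a bearer token.
 *
 * The token is looked up in three places, in this order:
 *   1. the `Authorization: Bearer <token>` request header,
 *   2. `req.body.access_token`,
 *   3. `req.query.access_token`.
 *
 * Any single one of these is accepted. The request is rejected with 400 only
 * when the token arrives through more than one of them, when the
 * Authorization header does not split into exactly two space-separated parts,
 * or when the body/query value is not a string.
 *
 * A missing token, or a token the verify callback does not map to a user,
 * fails with a challenge rather than a status code; passport reports a
 * challenge without an explicit status as 401.
 *
 * This function does not parse anything itself: `req.body` and `req.query`
 * are only consulted if earlier middleware populated them.
 *
 * @param {Object} req - Incoming request; `headers`, `body` and `query` are
 *   read when present.
 */
Strategy.prototype.authenticate = function(req) {
  var self = this;
  var token;

  if (req.headers && req.headers.authorization) {
    var parts = req.headers.authorization.split(' ');
    if (parts.length !== 2) {
      // Malformed header: anything other than "<scheme> <credentials>".
      return this.fail(400);
    }
    // A well-formed header with another scheme (e.g. Basic) is ignored here,
    // so the body/query lookups below still run.
    if (/^Bearer$/i.test(parts[0])) {
      token = parts[1];
    }
  }

  if (req.body && req.body.access_token) {
    // Token already taken from the header: more than one transport was used.
    if (token) { return this.fail(400); }
    token = req.body.access_token;
  }

  // Tokens in the query string end up in access logs, browser history and
  // Referer headers; RFC 6750 section 2.3 discourages this form. Prefer the
  // Authorization header where the client allows it.
  if (req.query && req.query.access_token) {
    if (token) { return this.fail(400); }
    token = req.query.access_token;
  }

  if (!token) {
    // No credentials at all: plain challenge, no error code.
    return this.fail(this._challenge());
  }

  // Body and query parsers can yield arrays or objects (repeated or bracketed
  // parameters, JSON bodies). Hand only strings to the verify callback so a
  // structured value cannot reach a token lookup unchecked.
  if (typeof token !== 'string') {
    return this.fail(400);
  }

  /**
   * Completion callback handed to the application's verify function.
   *
   * @param {*} err - Truthy when verification itself failed.
   * @param {*} user - Falsy when the token is not accepted.
   * @param {(Object|string)} [info] - Extra detail; a string is treated as
   *   the failure message.
   */
  function verified(err, user, info) {
    if (err) { return self.error(err); }
    if (!user) {
      if (typeof info === 'string') {
        info = { message: info };
      }
      info = info || {};
      return self.fail(self._challenge('invalid_token', info.message));
    }
    self.success(user, info);
  }

  if (self._passReqToCallback) {
    this._verify(req, token, verified);
  } else {
    this._verify(token, verified);
  }
};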
Wouldn't the above code block the use of the access_token parameter?
When I try to pass the bearer token in as a query or body parameter, I get a 401 but if I pass it as an authorization header, the call works.
Any ideas how I can debug this further to figure out what is blocking the request?
I see this comment in strategy.js:
`Authorization` header field, `access_token` body parameter, or `access_token` query parameter.
This is in a project which has passport-http-bearer as a dependency (version 1.0.1): https://github.com/NodeBB/nodebb-plugin-write-api
I've tried asking the maintainer of that project but he says the following code is not his:
Wouldn't the above code block the use of the access_token parameter?
When I try to pass the bearer token in as a query or body parameter, I get a 401 but if I pass it as an authorization header, the call works.
Any ideas how I can debug this further to figure out what is blocking the request?