Closed bigunmd closed 1 year ago
probably easiest and quickest way is to use custom middleware that works like keyauth. No need to figth current implementation
e.Use(func(next echo.HandlerFunc) echo.HandlerFunc {
return func(c echo.Context) error {
auth := c.Request().Header.Get(echo.HeaderAuthorization)
if auth == "" {
return echo.ErrUnauthorized
}
// same as "KeyAuthValidator func(auth string, c echo.Context) (bool, error)" implementation would do
if auth != "IsNotStoredInSomewhere" { // fictional check from store
return echo.ErrUnauthorized
}
return next(c)
}
})
Got it, thanks. This is the way. Was just surprised with such things.
Issue Description
Greets!
KeyAuth
middleware is not supporting Auth Scheme where Authorizaiton header contains token without prefix. For instance, PASETO based flow does not requre to specify"Bearer "
type prefix for token. In case of existing KeyAuth middleware passing an empty string or empty space string to AuthScheme configuration parameter does not solve the problem.Btw, using X-Api-Key type of header is not constrained to such behaviour and works just fine without token prefixes.
Could you please provide a way to bypass such behaviour for Authorization header? Thanks in advance.
Actual behaviour
And then other shenanigans appear to happen here, in the extractros func, where is support for backward compat is added