Authorization header fallback logic

mikenicholson / passport-jwt

Passport authentication using JSON Web Tokens

MIT License

1.96k stars 213 forks source link

Authorization header fallback logic #214

Closed SaschaHeyer closed 3 years ago

SaschaHeyer commented 4 years ago

Hi Folks,

is there any way to define a fallback to look for the authorization header. Sample

Check if the authorization header is preset in x-forwarded-authorization
If not check if the authorization header is preset in authorization

We have services which might overwrite the header and set the initial header to x-forwared-authorization

giphy

SaschaHeyer commented 4 years ago

I see this should be possible with custom extractor function

mikenicholson commented 3 years ago

I see this should be possible with custom extractor function

Correct. Corner cases like this are why I moved reading the jwt from a request to extractor functions rather than trying to implement every possible permutation in the strategy.

Closing since no changes should be required.