search

oicr-softeng / keycloak-apikeys

Keycloak plugin to enable API Keys for user authentication
GNU General Public License v3.0
0 stars 0 forks source link

check api key endpoint case sensitive. #14

Open leoraba opened 3 months ago

leoraba commented 3 months ago

Description:

The endpoint POST apikey/check_api_key/ returns error Bad Request 400 with following request:

Request:

curl -L -X POST 'http://localhost:8180/realms/myrealm/apikey/check_api_key/' \
-H 'x-api-key: PurOW3y7SWVXyvfTT75fv6E32l0CARaaVtzUo72qU5q2Ef8Csu' \
-H 'Authorization: Basic c29uZzpzb25nc2VjcmV0' \
-H 'Cookie: JSESSIONID=1EB0B12B8BCC5E163675157B5910DF86' \
-F 'apikey="05c8a1b6-b21e-45b6-b00e-97074b40a5cc"'

Response:

400 Bad Request
{
    "error": "ApiKey cannot be empty."
}
leoraba commented 3 months ago

The described endpoint receives form-data parameters case sensitive apikey where it expects apiKey.