Closed codylittle closed 3 months ago
Hi @codylittle, thanks for bringing this up. Your code would not work in case of Azure AD/Entra ID authentication, where requests will not contain any API key. I have quickly fixed the issue on my own now and will release a new version.
Hey @timoklimmer, can you please elaborate to fix up my understanding on the flow for Azure AD/Entra ID.
Wouldn't this case still have worked since client
gets assigned to config["FIXED_CLIENT"]
on L190 or is FIXED_CLIENT optional for Azure AD/Entra ID implementations?
In case of Azure AD/Entra ID authentication, an Authorization header is used instead of an API key. I think it's safer to replace the API key only if we got one, avoiding dependencies on client identification.
Yep - makes sense, thanks (:
Currently all requests that do not contain the
api-key
header are processed as successful.