search

tliron / prudence

An opinionated lightweight web framework built for scale
https://prudence.threecrickets.com
Apache License 2.0
13 stars 5 forks source link

Unable to simply set the 'Authorization" request header with Prudence request() #33

Closed mmilitzer closed 8 years ago

mmilitzer commented 8 years ago

Hi Tal,

I needed to make a request to a REST API that expects a bearer token in the "Authorization" header in the form "Authorization: Bearer SecretToken". I could not figure out how to do this.

It sees the "Authorization" header cannot be modified directly via Headers but a ChallengeResponse scheme must be chosen via params.authorization. However, also no matter which ChallengeScheme I use, I just couldn't make my token value to show up in the "Authorization" header as I needed it.

So I ended up modifying the request() code to support also specifying the "technical name" for the ChallengeScheme in params.authorization and add support for just setting a raw value (params.authorization.raw). Attached is the patch (sorry, I'm too lazy for a pull request)...

The patch does the job for me and I think it will not hurt the pre-existing functionality. But still I wonder if it's really needed to patch Prudence's resources.js to accomplish such a simple task. So if this can be done without the patch, please let me know how.

Thanks, Michael

challengescheme.txt

tliron commented 8 years ago

This happens to be a really annoying issue in Restlet with no trivial solutions. Your patch isn't bad at all, but I might modify it a bit before committing.

BTW, if you add the Restlet OAuth extension jar to your classpath, it will handle schemes like "oauth_bearer", but it's quite complex when all you want to do is set the string yourself.

I will test out some code and update this issue when I have something good.

tliron commented 8 years ago

I committed a fix that I think is a bit simpler than your version:

https://github.com/tliron/prudence/blob/master/components/prudence-javascript-library/libraries/scripturian/prudence/resources.js

You will see that it's enough just to specify the type and rawValue, e.g.:

authorization: {type: 'Bearer', rawValue: '12345'}

If the type is unsupported by a Restlet helper, then it will default to the simple header format. Thank you so much for your contribution on this!

mmilitzer commented 8 years ago

Yes, that's simpler indeed. I didn't know whether there's maybe a use-case already for the case that no Restlet helper exists for the type, so I did not want to "hijack" and modify this case in my patch. But yes, this way it's now simpler and more convenient. I updated my code to be in line with your patch. Thanks.