tuupola / slim-basic-auth

PSR-7 and PSR-15 HTTP Basic Authentication Middleware
MIT License

Fix Authorization header #90

Open willoucom opened 4 years ago

willoucom commented 4 years ago

Fixes #89

Since getHeaderLine() can return a comma separated string, I add an explode and a foreach.

Updated tests to reflect the change

omega3000 commented 2 years ago

I agree to this solution. In my setup I provide a slim API for a frontend Vue application where I wanted to use basic auth to secure the API endpoint and a bearer token for user authentication. So my header looked like this:

Authorization: Basic <base64UserPasswd>, Bearer <jsonWebToken>

The approach from @willoucom made that work!

tuupola commented 2 years ago

AFAIK a header which looks like the one below is invalid syntax.

Authorization: Basic <base64UserPasswd>, Bearer <jsonWebToken>

nerdlibfront commented 2 years ago

We encountered the same issue in another scenario. It seems that the combination of AWS ALB, EKS ingress, an apache pod and HTTP/2 leads to a duplication of the header somewhere down the road, resulting in a header like: Authorization: Basic foo,Basic foo

I agree that this is basically not the problem of the library, but it would add some resilience if the lib would just take the first header starting with "Basic".

willoucom commented 2 years ago

I agree with @tuupola, having 2 different authorizations is invalid. There are multiple discussions on the Internet about this header and it seems that nobody agrees on a solution.

However, I think the problem with some load balancers (e.g. amazon/scaleway/azure) duplicating the header can lead to a lot of problems for developers wanting to use this library (which I consider great). To solve this problem, I can modify my patch to retrieve only the first element of the header and ignore the others. I think this will solve the problem caused by LBs and prevent misuse of the header (i.e. using multiple schemas in the same header).

What do you think about this alternative?
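The following is an added, stand-alone illustration of the "first element only" behaviour discussed in this thread. It is not the PR's patch and not slim-basic-auth code; the function name `extractFirstBasicCredential` and the sample header lines are constructed for the example. It splits the PSR-7 `getHeaderLine()` value on commas, skips every element that is not a well-formed `Basic` credential, and returns the first one that decodes to `user:password`, so a proxy-duplicated header still authenticates while a header with no valid Basic credential is rejected rather than silently accepted.

```php
<?php
declare(strict_types=1);

// Added example (not the library's implementation). Returns [user, password]
// for the first well-formed "Basic" credential found in a comma-separated
// Authorization header line, or null when none is present.
function extractFirstBasicCredential(string $headerLine): ?array
{
    // PSR-7 getHeaderLine() joins repeated header values with ", ".
    foreach (explode(',', $headerLine) as $candidate) {
        $candidate = trim($candidate);

        // Scheme names are case-insensitive (RFC 7235); the credential must be
        // plain base64. Anything else (e.g. "Bearer <token>") is skipped, not fatal.
        if (!preg_match('/^Basic\s+([A-Za-z0-9+\/]+=*)$/i', $candidate, $m)) {
            continue;
        }

        // Strict decoding rejects malformed base64 instead of guessing.
        $decoded = base64_decode($m[1], true);
        if ($decoded === false || strpos($decoded, ':') === false) {
            continue; // not base64, or no "user:password" separator
        }

        // Only the first ':' separates user from password; passwords may contain ':'.
        [$user, $password] = explode(':', $decoded, 2);
        return [$user, $password];
    }

    return null; // no usable Basic credential: caller should answer 401
}

// Constructed sample header lines (not captured from any real deployment).
// "Zm9vOmJhcg==" is base64 for "foo:bar".
$samples = [
    'Basic Zm9vOmJhcg==',                      // single value        -> foo / bar
    'Basic Zm9vOmJhcg==, Basic Zm9vOmJhcg==',  // duplicated by proxy -> foo / bar
    'Basic Zm9vOmJhcg==, Bearer eyJhbGciOi',   // mixed schemes       -> first Basic wins
    'Bearer eyJhbGciOi',                        // no Basic at all     -> null
    'Basic !!!notbase64!!!',                    // malformed           -> null
];

foreach ($samples as $line) {
    echo $line, ' => ';
    var_export(extractFirstBasicCredential($line));
    echo PHP_EOL;
}
```

Taking only the first matching element keeps the duplicated-header case working without accepting the mixed-scheme form as a combined credential: the Bearer part is simply ignored by this middleware, and a header carrying no valid Basic credential still fails authentication.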