Add support for Bearer authorization format

Created on 7 September 2021, about 3 years ago
Updated 6 November 2024, 9 days ago

Problem/Motivation

We would like to support authentication in the JWT using Bearer schema:

Authorization: Bearer <token>

Proposed resolution

Extend the KeyAuth service to parse the header content. Here's some preliminary code borrowed from the JWT module (https://git.drupalcode.org/project/jwt/-/blob/8.x-1.x/src/Authentication...)

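  /**
   * Gets the Bearer token from the request's authorization headers.
   *
   * @param \Symfony\Component\HttpFoundation\Request $request
   *   The incoming request.
   *
   * @return string|false
   *   The text that follows "Bearer ", or FALSE if neither header has it.
   */
  public static function getToken(Request $request) {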
    $auth_headers = [];
    $auth = $request->headers->get('Authorization');
    if ($auth) {
      $auth_headers[] = $auth;
    }
    // Check a second header used in combination with basic auth.
    $fallback = $request->headers->get('JWT-Authorization');
    if ($fallback) {
      $auth_headers[] = $fallback;
    }
    foreach ($auth_headers as $value) {
      if (preg_match('/^Bearer (.+)/', $value, $matches)) {
        return $matches[1];
      }
    }
    return FALSE;
  }

Remaining tasks

  1. Provide a patch to parse the Bearer schema
  2. Write test

Feature request

Status: Active
Version: 1.0
Component: Code
Created by: 🇷🇴 Romania cristiroma
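
A stricter take on the header parsing proposed above, as an added example that is not part of the original issue or of the KeyAuth or JWT modules: it matches the scheme case-insensitively (RFC 7235) and accepts only the `b64token` syntax of RFC 6750. The function name `extract_bearer_token()`, the 4096-byte cap and the sample header values are assumptions made for the illustration.

```php
<?php

declare(strict_types=1);

// Added example: the function name and the length cap are assumptions.
const BEARER_MAX_LENGTH = 4096;

/**
 * Returns the token from the first well-formed Bearer credential, or NULL.
 *
 * RFC 6750 section 2.1: credentials = "Bearer" 1*SP b64token
 * b64token = 1*( ALPHA / DIGIT / "-" / "." / "_" / "~" / "+" / "/" ) *"="
 * RFC 7235 section 2.1: the scheme name is case-insensitive.
 */
function extract_bearer_token(array $header_values): ?string {
  foreach ($header_values as $value) {
    if (!is_string($value) || strlen($value) > BEARER_MAX_LENGTH) {
      continue;
    }
    // \A and \z anchor the whole value, so nothing may follow the token
    // (a plain "$" would still accept a trailing newline).
    if (preg_match('#\ABearer +([A-Za-z0-9._~+/-]+=*)\z#i', $value, $m) === 1) {
      return $m[1];
    }
  }
  return NULL;
}

// Constructed sample values, each mapped to the expected result.
$samples = [
  'Bearer abc.def-ghi_123==' => 'abc.def-ghi_123==',
  'bearer abc123' => 'abc123',
  'Bearer   abc123' => 'abc123',
  'Basic dXNlcjpwYXNz' => NULL,
  'Bearer ' => NULL,
  'Bearer abc 123' => NULL,
  "Bearer abc123\n" => NULL,
  'Bearer abc123, Basic dXNlcjpwYXNz' => NULL,
];
foreach ($samples as $header => $expected) {
  $actual = extract_bearer_token([$header]);
  printf("%-40s %s\n", json_encode($header), var_export($actual, TRUE));
  if ($actual !== $expected) {
    throw new RuntimeException('Unexpected result for ' . json_encode($header));
  }
}

// Same header order as getToken(): Authorization first, then JWT-Authorization.
var_export(extract_bearer_token(['Basic dXNlcjpwYXNz', 'Bearer abc123']));
```

Rejecting malformed values at the parsing step keeps spaces, separators and line breaks out of whatever key lookup or token validation runs next.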


Comments & Activities

  • 🇺🇸 United States devkinetic

    +1 very relevant. This module currently uses custom headers, when in reality there are already standards in place for how API key auth should be set up in a request, and how the responses should be formatted.
