Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Added 'Authorization' header with bearer token #1534

Merged
merged 4 commits into from
Jun 24, 2022
Merged

Added 'Authorization' header with bearer token #1534

merged 4 commits into from
Jun 24, 2022

Conversation

rhiroshi
Copy link
Contributor

Added Authorization header with bearer token defined in RFC 6750
related issues: #1522 #902 #1487

MaicolBen
MaicolBen approved these changes Jun 24, 2022
View reviewed changes
app/controllers/devise_token_auth/concerns/set_user_by_token.rb
@token = DeviseTokenAuth::TokenFactory.new unless @token
@token.token ||= request.headers[access_token_name] || params[access_token_name] || parsed_auth_cookie[access_token_name]
@token.client ||= request.headers[client_name] || params[client_name] || parsed_auth_cookie[client_name]
@token.token ||= request.headers[access_token_name] || params[access_token_name] || parsed_auth_cookie[access_token_name] || decoded_authorization_token[access_token_name]
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This seems a not breaking way to include authorization header with bearer, great 👏

@MaicolBen MaicolBen merged commit 8f44a8c into lynndylanhurley:master Jun 24, 2022
@mltsy mltsy mentioned this pull request Jun 24, 2022
Closed
@Petercopter Petercopter mentioned this pull request Jun 27, 2022
Closed
@hatsu38 hatsu38 mentioned this pull request Jul 14, 2022
Closed
@artplan1 artplan1 mentioned this pull request Aug 8, 2022
Open
@theblang
Copy link
Contributor

@rhiroshi Could we turn this off when DeviseTokenAuth.cookie_enabled? This PR increases the cookie size considerably, and unnecessarily since an Authorization header doesn't make sense when using the cookie transport method.

@rhiroshi
Copy link
Contributor Author

commented with a different account. I will create a PR this week to address this

@barillax
Copy link

barillax commented Nov 4, 2022

@rhiroshi any update on making it possible to disable this header when DeviseTokenAuth.cookie_enabled is true? Thanks!

@rhiroshi rhiroshi mentioned this pull request Dec 6, 2022
Merged
@rhiroshi
Copy link
Contributor Author

rhiroshi commented Dec 6, 2022

@theblang @barillax Created the PR, sorry for the delay

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@MaicolBen MaicolBen MaicolBen approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@rhiroshi @theblang @barillax @MaicolBen