Support "Authorization: Bearer xxx" token passing format in cubejs-api-gateway #1297
Comments
Interestingly, AWS Cognito does not use the
@joshk0 Hey Joshua! Thanks for posting it! It's a really small change and we're looking for a volunteer to contribute this.
Is your feature request related to a problem? Please describe.
It is idiomatic for JWTs to be accepted using a header format of
Authorization: Bearer <JWT>
(see jwt.io introduction.) In general, in history, the RFCs surrounding the authorization header have taken care to specify the mode of Authorization as the first part of the header value (e.g. Basic, Digest et al.) See RFC 2617 and RFC 6750.
However, according to Cube.js docs, you in fact must pass the token as a bare string in the Authorization header. Since you do use JWTs idiomatically, people will naturally be drawn to specifying the Authorization header as a Bearer token.
Describe the solution you'd like
In cubejs-api-gateway, please support the use of the idiomatic
Authorization: Bearer xxx
method of passing JWTs into a webservice.
Describe alternatives you've considered
If you had a reason to want the key passed as a bare string, you could come up with an unofficial header key and value, such as X-Cubejs-JWT. Then there would be no expectations around what format that header would have and people would double check before using the API.
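An added example, not part of the original issue and not code from cubejs-api-gateway: one way a gateway could accept both the bare-token form and the `Bearer` form requested above while refusing other schemes. The function name `extractAuthToken`, its return shape, and the sample token are assumptions made for illustration.

```javascript
// Added example: hypothetical helper, not code from cubejs-api-gateway.
// Shape check only: three non-empty base64url segments. It does not verify
// the signature; the extracted token must still go through JWT verification.
const JWT_SHAPE = /^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+$/;

function extractAuthToken(headerValue) {
  if (typeof headerValue !== 'string' || headerValue.trim() === '') {
    return { ok: false, reason: 'missing' };
  }
  const parts = headerValue.trim().split(/\s+/);
  let scheme = null;
  let token;
  if (parts.length === 1) {
    // Bare form the issue says the docs require: "Authorization: <JWT>"
    token = parts[0];
  } else if (parts.length === 2) {
    // RFC 6750 form: "Authorization: Bearer <JWT>". Auth-scheme names are
    // case-insensitive (RFC 7235), so "bearer" and "BEARER" are accepted too.
    scheme = parts[0].toLowerCase();
    token = parts[1];
    if (scheme !== 'bearer') {
      // Basic, Digest, etc. are never treated as a JWT.
      return { ok: false, reason: 'unsupported-scheme' };
    }
  } else {
    return { ok: false, reason: 'malformed' };
  }
  if (!JWT_SHAPE.test(token)) {
    // Covers a lone "Bearer" with no credentials and truncated tokens.
    return { ok: false, reason: 'malformed' };
  }
  return { ok: true, scheme, token };
}

// Constructed sample token (JWT-shaped; the signature segment is not valid).
const SAMPLE_JWT = 'eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJkZW1vIn0.c2lnbmF0dXJl';

for (const header of [
  SAMPLE_JWT,
  `Bearer ${SAMPLE_JWT}`,
  `bearer ${SAMPLE_JWT}`,
  'Basic dXNlcjpwYXNz',
  'Bearer',
]) {
  console.log(JSON.stringify(header), '->', JSON.stringify(extractAuthToken(header)));
}
```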