Issue with how JWT Auth is handled (out of compliance with RFC 6750)
Closed this issue · 0 comments
AnthonyMichaelTDM commented
According to RFC 6750, the Authorization header of a request should contain Bearer before the actual token, for example: Authorization: Bearer eyJ..., but that will return a 401 error in the current implementation.
Currently, it works when the Authorization header content isn't prefixed by Bearer.
I'll create a PR to fix this soon, but will hold off on merging it (without review) as it is technically a breaking change.
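An added illustration of the header handling discussed in this issue; it is not part of the issue or the project's code. It parses the `Authorization` value per RFC 6750 section 2.1 and shows one way to soften the breaking change: the function name, the exception class and the `allow_legacy_bare` switch are hypothetical, and the sample token is constructed.

```python
import re

# RFC 6750 section 2.1: credentials = "Bearer" 1*SP b64token
B64TOKEN = re.compile(r"[A-Za-z0-9\-._~+/]+=*")

# Constructed sample token (not a real credential).
SAMPLE_TOKEN = "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJkZW1vIn0.c2lnbmF0dXJl"


class AuthHeaderError(Exception):
    """Carries the HTTP status and WWW-Authenticate challenge to send back."""

    def __init__(self, status, challenge):
        super().__init__(challenge)
        self.status = status
        self.challenge = challenge


def extract_bearer_token(header, allow_legacy_bare=False):
    """Return the raw token from an Authorization header value.

    allow_legacy_bare is a hypothetical transition switch: when True, a header
    holding only the token (the pre-fix behaviour described in the issue) is
    still accepted so existing clients keep working during migration.
    """
    if header is None or not header.strip():
        # No credentials at all: plain challenge, no error code (section 3).
        raise AuthHeaderError(401, "Bearer")

    scheme, _, rest = header.strip().partition(" ")
    if rest:
        # Scheme names are case-insensitive; anything but Bearer is refused.
        if scheme.lower() != "bearer":
            raise AuthHeaderError(401, "Bearer")
        token = rest.lstrip(" ")  # 1*SP: one or more spaces after the scheme
    elif scheme.lower() == "bearer":
        # "Bearer" with no token is malformed, never a legacy bare token.
        raise AuthHeaderError(400, 'Bearer error="invalid_request"')
    elif allow_legacy_bare:
        token = scheme
    else:
        raise AuthHeaderError(401, "Bearer")

    if not B64TOKEN.fullmatch(token):
        raise AuthHeaderError(400, 'Bearer error="invalid_request"')
    return token
```

Signature and claim validation of the returned token happen afterwards; this step only decides which string is handed to the JWT verifier.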