Authorization header fallback logic
SaschaHeyer opened this issue · 2 comments
SaschaHeyer commented
Hi Folks,
is there any way to define a fallback to look for the authorization header.
Sample
- Check if the authorization header is preset in
x-forwarded-authorization
- If not check if the authorization header is preset in
authorization
We have services which might overwrite the header and set the initial header to x-forwared-authorization
SaschaHeyer commented
I see this should be possible with custom extractor function
mikenicholson commented
I see this should be possible with custom extractor function
Correct. Corner cases like this are why I moved reading the jwt from a request to extractor functions rather than trying to implement every possible permutation in the strategy.
Closing since no changes should be required.