Description
The current authentication middleware extracts the token by replacing the exact string "Bearer " in the Authorization header. This approach is case-sensitive, so it fails when clients send variations such as "bearer" or "BEARER", even though RFC 7235 defines the authentication scheme name as case-insensitive. When the scheme does not match exactly, the header value is passed through unchanged, scheme included, and the token check downstream rejects it.
Examples:
Authorization: bearer <token>
Authorization: BEARER <token>
Authorization: Bearer <token>
Proposed Solution
Use a case-insensitive match for the scheme when parsing the Authorization header, for example a regular expression with the `i` flag, or lower-casing the scheme before comparing it. Only the scheme should be normalized; the token itself must be passed through exactly as sent, since tokens are case-sensitive.
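The following is an added example, not the project's own middleware code. It shows the string-replace extractor described above beside a parser that matches the scheme case-insensitively and leaves the token untouched, wrapped in an Express-style middleware. The `verifyToken` function, the request/response shapes and the sample headers are assumptions constructed for illustration.

```javascript
// Added example (not the project's code): the string-replace extractor
// beside a parser that matches the Bearer scheme case-insensitively.

// Current approach: only the exact prefix "Bearer " is removed. Any other
// casing leaves the header value untouched, so the scheme name itself is
// then handed to the token verifier and rejected.
function extractTokenFragile(authorization) {
  return authorization.replace("Bearer ", "");
}

// Characters allowed in a bearer token (RFC 6750 section 2.1, b64token).
const B64TOKEN = /^[A-Za-z0-9\-._~+\/]+=*$/;

// Case-insensitive scheme match (RFC 7235 section 2.1 makes the scheme
// name case-insensitive). Only the scheme is normalized; the token is
// returned exactly as sent because tokens are case-sensitive. Returns null
// for a missing header, a different scheme, a missing token, or a token
// that is not a valid b64token.
function extractBearerToken(authorization) {
  if (typeof authorization !== "string") return null;
  const m = /^\s*bearer\s+(\S+)\s*$/i.exec(authorization);
  if (m === null) return null;
  return B64TOKEN.test(m[1]) ? m[1] : null;
}

// Express-style middleware built on the parser. verifyToken is a
// hypothetical application-supplied function returning a principal or null.
function bearerAuth(verifyToken) {
  return function (req, res, next) {
    const token = extractBearerToken(req.headers.authorization);
    const principal = token === null ? null : verifyToken(token);
    if (principal === null) {
      res.statusCode = 401;
      res.setHeader("WWW-Authenticate", 'Bearer realm="api"');
      return res.end();
    }
    req.user = principal;
    return next();
  };
}

// Constructed sample headers covering the cases from the issue.
const SAMPLES = [
  "Bearer abc.def-123", // current behaviour, must keep working
  "bearer abc.def-123", // lower-case scheme
  "BEARER abc.def-123", // upper-case scheme
  "Basic dXNlcjpwYXNz", // different scheme, must be rejected
  "Bearer",             // scheme without a token
  "Bearer a b",         // more than one token
];

// Run the middleware against a fake request for one header and return the
// authenticated subject, or the HTTP status the middleware set on rejection.
// The hypothetical verifier accepts exactly one constructed token value.
function runSample(header) {
  const verifyToken = (t) => (t === "abc.def-123" ? { sub: "alice" } : null);
  const req = { headers: { authorization: header } };
  const res = {
    statusCode: 200,
    headers: {},
    setHeader(k, v) { this.headers[k] = v; },
    end() {},
  };
  let nextCalled = false;
  bearerAuth(verifyToken)(req, res, () => { nextCalled = true; });
  return nextCalled ? req.user.sub : res.statusCode;
}

for (const h of SAMPLES) {
  console.log(
    JSON.stringify(h),
    "-> fragile:", JSON.stringify(extractTokenFragile(h)),
    "| middleware:", runSample(h)
  );
}
```

The regex accepts one or more spaces between scheme and token (RFC 7235 allows `1*SP`) but rejects a header with no token or with anything after the token, so loosening the scheme match does not loosen what is accepted as a credential.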
Benefits
- Improves compatibility with different clients and libraries.
- Aligns with common HTTP header handling practices.
- Makes authentication more robust and less dependent on exact casing.
Acceptance Criteria
- Authorization scheme is parsed in a case-insensitive manner.
- Existing "Bearer <token>" behavior remains unchanged.
- Valid tokens are accepted regardless of the casing used for the Bearer scheme; the token value itself is passed through unchanged.