From a7ed1fe956ec0a7459318a8e017d85d5770eb6c8 Mon Sep 17 00:00:00 2001
From: Artem Azaraev
Date: Fri, 10 Oct 2025 13:59:57 +0300
Subject: [PATCH 1/2] Add error logging for a missing Authorization header during the minimal permission check
---
 .../Extensions/OpenApiDocumentExtensions.cs | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/DevProxy.Plugins/Extensions/OpenApiDocumentExtensions.cs b/DevProxy.Plugins/Extensions/OpenApiDocumentExtensions.cs
index a01800b4..04adcfdd 100644
--- a/DevProxy.Plugins/Extensions/OpenApiDocumentExtensions.cs
+++ b/DevProxy.Plugins/Extensions/OpenApiDocumentExtensions.cs
@@ -33,7 +33,17 @@ public static ApiPermissionsInfo CheckMinimalPermissions(this OpenApiDocument op
 logger.LogDebug("Checking request {Request}...", methodAndUrl);
 var (method, url) = (methodAndUrlChunks[0].ToUpperInvariant(), methodAndUrlChunks[1]);
- var scopesFromTheToken = MinimalPermissionsUtils.GetScopesFromToken(request.Context?.Session.HttpClient.Request.Headers.First(h => h.Name.Equals("authorization", StringComparison.OrdinalIgnoreCase)).Value, logger);
+ var authorizationHeaderValue = request.Context?.Session.HttpClient.Request.Headers.FirstOrDefault(h => h.Name.Equals("authorization", StringComparison.OrdinalIgnoreCase))?.Value;
+ if (authorizationHeaderValue is null)
+ {
+ errors.Add(new()
+ {
+ Request = methodAndUrl,
+ Error = "No Authorization header found"
+ });
+ }
+
+ var scopesFromTheToken = MinimalPermissionsUtils.GetScopesFromToken(authorizationHeaderValue, logger);
 if (scopesFromTheToken.Length != 0)
 {
 tokenPermissions.AddRange(scopesFromTheToken);
From 137e96b38b3f8569ec33ce624eb6982b99a34269 Mon Sep 17 00:00:00 2001
From: Waldek Mastykarz
Date: Fri, 17 Oct 2025 14:17:43 +0200
Subject: [PATCH 2/2] Apply suggestion from @Copilot
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
---
 DevProxy.Plugins/Extensions/OpenApiDocumentExtensions.cs | 1 +
 1 file changed, 1 insertion(+)
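Review bot: The `authorizationHeaderValue is null` check in the first patch's hunk cannot tell a missing header from a missing `request.Context`, because the `?.` chain yields null in both cases, so the recorded error `"No Authorization header found"` may name the wrong cause. A header that is present but empty or whitespace-only also passes the check and reaches `GetScopesFromToken`, whose handling of such input is not visible in this hunk. Consider `if (string.IsNullOrWhiteSpace(authorizationHeaderValue))` and a separate error entry when `request.Context is null`. The enclosing loop body starts and ends outside the hunk.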
diff --git a/DevProxy.Plugins/Extensions/OpenApiDocumentExtensions.cs b/DevProxy.Plugins/Extensions/OpenApiDocumentExtensions.cs
index 04adcfdd..2a4fbbd8 100644
--- a/DevProxy.Plugins/Extensions/OpenApiDocumentExtensions.cs
+++ b/DevProxy.Plugins/Extensions/OpenApiDocumentExtensions.cs
@@ -41,6 +41,7 @@ public static ApiPermissionsInfo CheckMinimalPermissions(this OpenApiDocument op
 Request = methodAndUrl,
 Error = "No Authorization header found"
 });
+ continue;
 }
 
 var scopesFromTheToken = MinimalPermissionsUtils.GetScopesFromToken(authorizationHeaderValue, logger);
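Review bot: The added `continue;` skips the rest of the loop iteration for a request without an Authorization header, and nothing in the code says this is deliberate. The remainder of the loop body is outside the hunk; if it also resolves the request against the OpenAPI operations, such requests would drop out of the minimal-permissions result and show up only in `errors`. That is probably intended, but a comment above the `continue;` would make it explicit, for example `// No token to compare against: record the error and skip this request.`. Without it, a reader could take the reported permissions as covering every logged request.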