feat: support custom session token header

The `/sessions/whoami` endpoint now accepts the ORY Kratos Session Token in the `X-Session-Token` HTTP header.
ory · Oct 13, 2020 · 56bec76 · 56bec76
1 parent 3b3b78c
commit 56bec76
Show file tree

Hide file tree

Showing 4 changed files with 8 additions and 2 deletions.
diff --git a/.schema/api.swagger.json b/.schema/api.swagger.json
@@ -2631,7 +2631,7 @@
   "securityDefinitions": {
     "sessionToken": {
       "type": "apiKey",
-      "name": "Authorization",
+      "name": "X-Session-Token",
       "in": "header"
     }
   },

diff --git a/docs/docs/guides/login-session.mdx b/docs/docs/guides/login-session.mdx
@@ -145,6 +145,8 @@ Token as a bearer token in the HTTP Authorization Header:
 $ sessionToken=oFZzgLpsacUpUy2cvQPtrGa2046WcXCR
 $ curl -s -X POST -H  "Accept: application/json" \
     -H "Authorization: Bearer $sessionToken" \
+    # OR: \
+    # -H "X-Session-Token: $sessionToken" \
     http://127.0.0.1:4433/sessions/whoami | jq
 
 {

diff --git a/session/manager_http.go b/session/manager_http.go
@@ -100,6 +100,10 @@ func (s *ManagerHTTP) extractToken(r *http.Request) string {
 		return token
 	}
 
+	if token := r.Header.Get("X-Session-Token"); len(token) > 0 {
+		return token
+	}
+
 	cookie, err := s.r.CookieManager().Get(r, s.cookieName)
 	if err != nil {
 		return ""

diff --git a/swagger_meta.go b/swagger_meta.go
@@ -17,7 +17,7 @@
 //     SecurityDefinitions:
 //     sessionToken:
 //          type: apiKey
-//          name: Authorization
+//          name: X-Session-Token
 //          in: header
 //
 //     Extensions: