Description
The SDK uses lowercase bearer in the Authorization header, but the Cloud PDP (https://cloudpdp.api.permit.io) requires uppercase Bearer per RFC 6750.
Location
https://github.com/permitio/permit-python/blob/main/permit/enforcement/enforcer.py#L47
    self._headers = {
        "Content-Type": "application/json",
        "Authorization": f"bearer {self._config.token}",  # Should be "Bearer"
    }
Steps to Reproduce
- Use permit SDK v2.8.3 with Cloud PDP
- Call permit.check() with valid API key
- Get PermitConnectionError: Permit SDK got unexpected status code: 401
Evidence
Lowercase bearer fails:
    curl -X POST https://cloudpdp.api.permit.io/allowed \
      -H "Authorization: bearer permit_key_xxx" \
      -H "Content-Type: application/json" \
      -d '{"user": {"key": "test"}, "action": "view", "resource": {"type": "Resource"}}'
Returns: {"message":"Unauthorized"}
Uppercase Bearer works:
    curl -X POST https://cloudpdp.api.permit.io/allowed \
      -H "Authorization: Bearer permit_key_xxx" \
      -H "Content-Type: application/json" \
      -d '{"user": {"key": "test"}, "action": "view", "resource": {"type": "Resource"}}'
Returns: {"allow": true, ...}
Fix
Change line 47 in permit/enforcement/enforcer.py:
"Authorization": f"Bearer {self._config.token}",
Environment
- permit SDK version: 2.8.3
- Python: 3.13
- PDP: Cloud PDP (https://cloudpdp.api.permit.io)
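
Added example, not part of the original issue and not code from the Permit SDK or the Cloud PDP: a self-contained check of the header mismatch described above, with a client-side builder that emits the RFC 6750 spelling and two verifier models. The function names, the `strict_scheme` flag and the sample headers are hypothetical; the strict model is an assumption about a byte-for-byte scheme comparison, and the lenient one follows RFC 9110 section 11.1, which defines the auth-scheme as case-insensitive.

```python
import re
from typing import Optional

# RFC 6750 section 2.1: credentials = "Bearer" 1*SP b64token
B64TOKEN = re.compile(r"[A-Za-z0-9\-._~+/]+=*")


def build_auth_headers(token: str) -> dict:
    """Client side: emit the canonical scheme spelling from RFC 6750."""
    if not B64TOKEN.fullmatch(token):  # also rejects CR/LF smuggled into the header
        raise ValueError("token contains characters outside b64token")
    return {
        "Content-Type": "application/json",
        "Authorization": f"Bearer {token}",
    }


def parse_bearer(header: Optional[str], strict_scheme: bool) -> Optional[str]:
    """Server side: return the token, or None if the header is rejected.

    strict_scheme=True compares the scheme byte for byte (assumed model of
    the reported 401); False ignores case, per RFC 9110 section 11.1.
    """
    if not header:
        return None
    scheme, _, rest = header.partition(" ")
    token = rest.strip(" ")
    matches = scheme == "Bearer" if strict_scheme else scheme.lower() == "bearer"
    if not matches or not B64TOKEN.fullmatch(token):
        return None
    return token


def check_all() -> dict:
    """Run constructed sample headers through both verifier models."""
    samples = {  # constructed values, not real keys
        "lowercase": "bearer permit_key_xxx",
        "canonical": build_auth_headers("permit_key_xxx")["Authorization"],
        "wrong_scheme": "Basic permit_key_xxx",
        "empty_token": "Bearer ",
    }
    return {n: (parse_bearer(h, True), parse_bearer(h, False)) for n, h in samples.items()}


if __name__ == "__main__":
    for name, result in check_all().items():
        print(f"{name:13} strict={result[0]!r} lenient={result[1]!r}")
```

Each result pair is (strict, lenient): only the lowercase sample differs between the two models, which is why a client that always sends `Bearer` interoperates with either kind of verifier.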