AccessTokenRequestReactiveFilter::propagateToken duplicates the authorization header #36810

sahuefficy · 2023-11-01T10:07:19Z

Line 127 in 58bc0c4

    
           requestContext.getHeaders().add(HttpHeaders.AUTHORIZATION, BEARER_SCHEME_WITH_SPACE + accessToken);

duplicates the authorization header with bearer scheme in case a re-attempt is made to an end point within the same same request handling paradigm.

I faced that while implementing retry for a RestClient.

I will send a PR shortly.

sberyozkin · 2023-11-01T10:12:46Z

@sahuefficy thanks, can you please also check if the header should be set instead of being added in the non reactive version

sahuefficy · 2023-11-01T10:24:12Z

Did you refer to the following:

Line 26 in 58bc0c4

    
           requestContext.getHeaders().add(HttpHeaders.AUTHORIZATION, BEARER_SCHEME_WITH_SPACE + token);

I can see the same pattern there too.

sahuefficy · 2023-11-01T10:57:57Z

This has been in all versions. I am using 2.16 though.

quarkus-bot · 2023-11-01T14:28:08Z

/cc @pedroigor (bearer-token)

quarkus-bot bot added the triage/needs-triage label Nov 1, 2023

sahuefficy mentioned this issue Nov 1, 2023

Duplicate Authorization Bearer Header Fix #36811

Closed

sberyozkin added area/security and removed triage/needs-triage labels Nov 1, 2023

sahuefficy mentioned this issue Nov 2, 2023

Duplicate Authorization Bearer Header Fix #36835

Merged

sberyozkin closed this as completed in #36835 Nov 2, 2023

quarkus-bot bot added this to the 3.6 - main milestone Nov 2, 2023

aloubyansky modified the milestones: 3.6 - main, 3.2.8.Final Nov 3, 2023

Provide feedback