Allow overriding the Authorization header

[SibrenTalens]

In our project we need a separate token for mutations. I expected to be able to override the Authorization header like this:

    const headers = {'Authorization': `Bearer ${state.token}`};

    return client.update(resource, {headers});

However, the tokenResponse takes presence.

[vlad-ignatov]

In our project we need a separate token for mutations

Can you explain how that works? Do you get different permissions based on the token you use (but still only use one token for everything), or do you expect to somehow work with multiple tokens depending on what you are about to do?

It seems to me that your proposed change would lock the authorization header to whatever is provided in requestOptions (if any). In other words, imagine the following sequence:

1. You authorize and get an access token and a refresh token
2. You use your app for a while and the access token expires
3. You make another request and pass your own authorization header as an option
   • At that moment the library would detect the expired access token and fetch new one
   • Then, despite having a fresh access token, your authorization header will override it

Is that the intended behavior here?