Wrong error message returned when Authorization header is present but the "Bearer " prefix is missing #421

omasseau · 2022-03-01T15:47:51Z

When the Authorization header is found but its value does not contain a space (because the caller forgot to add 'Bearer ' at the start), then openid returns the error message "no Authorization header found".
This is misleading when troubleshooting as the cause of the error is not the Authorization header that is not present but its value that is incorrect.

  if header == nil or header:find(" ") == nil then
    err = "no Authorization header found"
    log(DEBUG, err)
    return nil, err
  end

--> header:find(" ") == nil is the problem here.

Environment

lua-resty-openidc 1.7.5

Expected behaviour

A more appropriate error should be returned (like "no Bearer authorization header value found") :)

Actual behaviour

"no Authorization header found" error is returned

The text was updated successfully, but these errors were encountered:

bodewig · 2022-03-05T08:47:38Z

True, I've moved the 0 check down to the next if statement where it will now say "no Bearer authorization header value found"

bodewig closed this as completed in a468d13 Mar 5, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Wrong error message returned when Authorization header is present but the "Bearer " prefix is missing #421

Wrong error message returned when Authorization header is present but the "Bearer " prefix is missing #421

omasseau commented Mar 1, 2022

bodewig commented Mar 5, 2022

Wrong error message returned when Authorization header is present but the "Bearer " prefix is missing #421

Wrong error message returned when Authorization header is present but the "Bearer " prefix is missing #421

Comments

omasseau commented Mar 1, 2022

Environment

Expected behaviour

Actual behaviour

bodewig commented Mar 5, 2022