client-js icon indicating copy to clipboard operation
client-js copied to clipboard

Published 20 hours ago verified publisher icon smart-on-fhir

Allow overriding the Authorization header

Open SibrenTalens opened this issue 3 years ago • 1 comments
trafficstars

In our project we need a separate token for mutations. I expected to be able to override the Authorization header like this:

    const headers = {'Authorization': `Bearer ${state.token}`};

    return client.update(resource, {headers});

However, the tokenResponse takes presence.

SibrenTalens avatar Feb 08 '22 10:02 SibrenTalens

In our project we need a separate token for mutations

Can you explain how that works? Do you get different permissions based on the token you use (but still only use one token for everything), or do you expect to somehow work with multiple tokens depending on what you are about to do?

It seems to me that your proposed change would lock the authorization header to whatever is provided in requestOptions (if any). In other words, imagine the following sequence:

  1. You authorize and get an access token and a refresh token
  2. You use your app for a while and the access token expires
  3. You make another request and pass your own authorization header as an option
    • At that moment the library would detect the expired access token and fetch new one
    • Then, despite having a fresh access token, your authorization header will override it

Is that the intended behavior here?

vlad-ignatov avatar Aug 09 '22 14:08 vlad-ignatov