refit icon indicating copy to clipboard operation
refit copied to clipboard

Published 20 hours ago verified publisher icon reactiveui

[BUG] We can't add Authorization attribute without schema [Headers("Authorization:")]

Open sajidmohammed88 opened this issue 2 years ago • 1 comments

Describe the bug

I'm trying to call an API the use Authorization without schema, like "Authorization:4_0045d88ceb180d80000000003_01a7339b_a8ef2a_acct_i-CZoqmnys44J7cHdh3D7JU0tu4=" but still gives me 401 status code.

Steps To Reproduce

Try to call any API by refit that not use schema for Authorization.

Expected behavior

Add the token value to the authorization when does not have schema.

Screenshots

Environment

  • OS: Windows 10
  • Device: Laptop
  • Version: 6.3.2
  • Working Version: 6.3.2

Additional context

In the class AuthenticatedHttpClientHandler, we should add else of "if (auth != null)" to add authorization without schema.

class AuthenticatedHttpClientHandler : DelegatingHandler
    {
        readonly Func<Task<string>> getToken;

        public AuthenticatedHttpClientHandler(Func<Task<string>> getToken, HttpMessageHandler? innerHandler = null)
            : base(innerHandler ?? new HttpClientHandler())
        {
            this.getToken = getToken ?? throw new ArgumentNullException(nameof(getToken));
        }

        protected override async Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
        {
            // See if the request has an authorize header
            var auth = request.Headers.Authorization;
            if (auth != null)
            {
                var token = await getToken().ConfigureAwait(false);
                request.Headers.Authorization = new AuthenticationHeaderValue(auth.Scheme, token);
            }

            return await base.SendAsync(request, cancellationToken).ConfigureAwait(false);
        }
    }
}

I worked around the problem by using custom handler :

public class AuthorizationWithoutSchemaHandler : DelegatingHandler
  {
    private readonly string _token;

    public AuthorizationWithoutSchemaHandler(string token) : base(new HttpClientHandler())
    {
      _token = token ?? throw new ArgumentNullException(nameof(token));
    }

    protected override async Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
    {
      request.Headers.TryAddWithoutValidation("Authorization", _token);

      return await base.SendAsync(request, cancellationToken).ConfigureAwait(false);
    }
  }

sajidmohammed88 avatar Sep 24 '22 12:09 sajidmohammed88

Kindly follow up

apavelm avatar Sep 26 '22 17:09 apavelm