Insomnia: [Feature Request] OAuth2 no prefix on Authorization header

Created on 28 Jul 2018 · 4 Comments · Source: Kong/insomnia

  • Insomnia Version: 5.16.6.2073
  • Operating System: MacOS

Details

If there is no prefix on the Authorization header, i.e. Authorization: xxxxx instead of Authorization: Bearer xxxxx, there's no clear way of indicating/doing that.

I actually "tricked it" in that I put an empty space in the "Header Prefix" form field in the OAuth2 tab. This worked for the system I was providing the token to, but who knows if that would always work? Would that space ever cause an issue?

Regardless, it's not real clear what's going on. It would be ideal if there was some sort of "none" checkbox or variable that said "empty space" or something that could appear in that form field. That way anyone looking at it would know that there really is no "Bearer" or "Basic" prefix or anything like that.

Yes, a minor issue. I could set up an environment variable named "empty space" and may do so just so I don't look at this later on and go, "huh?" However, it would be nice if it was given a little better UX.

_When is this a thing?_
I had to use an implicit grant with AWS Cognito and AppSync because my application's OAuth2 flow had a redirect in it which created an issue for matching the redirect_uri (I saw the other issue here for that already). So I was happy to find that I could avoid that whole redirect issue by using an implicit grant. Cool!

However, AppSync + Cognito will seemingly take that Authorization header JWT without any prefix.

So there are some cases where you don't want a prefix, be it right, wrong or indifferent.

accepted good first issue

All 4 comments

Can I take this one?

To be clear, is the deliverable to remove the default prefix from OAuth2.0 and Bearer token authentication strategies or is it to enable a setting that would set the default to Bearer or nothing?

@j-collier thanks for taking this one!

The current behavior should remain the same after this change is made (we don't want the change to break anything for existing users). I suggest changing the current Header Prefix row into two rows.

_FIRST ROW_: A select input to choose between Default/Custom/None for prefix type
_SECOND ROW_: A custom text input (same as what's there now) that is hidden at all times except for the Custom prefix type.

To represent None I recommend using an unlikely constant like '__Di$aB13d__', which is used in other parts of the codebase.

@j-collier is this still being worked on? I've run into a system where using the space to override the prefix seems to cause an invalid token error.

Pinging @gschier
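
The Default/Custom/None selection suggested in the thread, sketched as an added example that is not Insomnia's code. The join rule in `legacyAuthorizationValue`, the function names and the sample token are assumptions; only the sentinel string comes from the comment above.

```javascript
// Added illustration, not Insomnia's source. Names and the join rule are assumptions.
const PREFIX_NONE = '__Di$aB13d__'; // sentinel quoted in the thread, used here to mean "no prefix"
const DEFAULT_PREFIX = 'Bearer';

// Assumed current behaviour: an empty field falls back to "Bearer";
// any other value is joined to the token with a single space.
function legacyAuthorizationValue(prefixField, token) {
  const prefix = prefixField || DEFAULT_PREFIX;
  return `${prefix} ${token}`;
}

// With an explicit "None" choice: the bare token is sent, and every other
// setting (Default, Custom, even the single-space workaround) is unchanged.
function authorizationValue(prefixField, token) {
  if (typeof token !== 'string' || token.length === 0) {
    throw new Error('token is required');
  }
  // CR/LF in either part would split the header line, so refuse it.
  if (/[\r\n]/.test(`${prefixField || ''}${token}`)) {
    throw new Error('CR/LF is not allowed in an Authorization header value');
  }
  if (prefixField === PREFIX_NONE) {
    return token;
  }
  return legacyAuthorizationValue(prefixField, token);
}

// Number of whitespace characters in front of the credential.
function leadingWhitespace(value) {
  return value.length - value.trimStart().length;
}

const sampleToken = 'eyJ.constructed.token'; // constructed placeholder, not a real JWT
for (const [label, field] of [
  ['Default', ''],
  ['Custom "Token"', 'Token'],
  ['Single-space workaround', ' '],
  ['None', PREFIX_NONE],
]) {
  const value = authorizationValue(field, sampleToken);
  console.log(`${label}: ${JSON.stringify(value)} (leading whitespace: ${leadingWhitespace(value)})`);
}
```

Under the assumed join rule the single-space workaround produces a value that starts with two spaces, so it only works where the receiver trims whitespace before validating the token; the None choice sends the token exactly as issued.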
