Details
- Bug
- Status: Resolved
- Minor
- Resolution: Fixed
- 4.4.0
- None
- Unknown
Description
When using the OAuth2 support for camel-http, it is not adding the prefix text "Bearer " before the access token in the Authorization header as per the OAuth2 specification: https://datatracker.ietf.org/doc/html/rfc6750#section-2.1
In the end it does not actually work to use this feature at all from what I can see – the header is not considered valid for an OAuth2 access token, and when trying to use this against a real API that requires a token you receive back an authorization failure.
When turning on DEBUG logging you can see that the access token is fetched correctly but then on the request it is being sent without the text "Bearer " in front of the token:
http-outgoing-0 >> "Authorization: eyJhbG..."
From a quick skim in the code it seems like the problem lies here: https://github.com/apache/camel/blob/e8ea7ab337cee460858d44968c50dbfafa22ef28/components/camel-http/src/main/java/org/apache/camel/component/http/OAuth2ClientConfigurer.java#L64
That is to say, the code is just adding the "Authorization" header where the value is only the access token itself, and not adding the text "Bearer " before the token as per the OAuth2 specification.
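A check for the symptom described in the report, added here as an example and not taken from the report or from Camel's code: it classifies outgoing `Authorization` values from DEBUG wire-log lines against the RFC 6750 section 2.1 grammar (`"Bearer" 1*SP b64token`) and prints only a redacted prefix of each value. The class name `BearerHeaderCheck`, the sample tokens and the optional `[\r][\n]` line suffix are assumptions.

```java
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class BearerHeaderCheck {
    // RFC 6750 section 2.1: credentials = "Bearer" 1*SP b64token
    static final String B64TOKEN = "[A-Za-z0-9\\-._~+/]+=*";
    static final Pattern BEARER = Pattern.compile("(?i)Bearer +" + B64TOKEN);
    static final Pattern BARE_TOKEN = Pattern.compile(B64TOKEN);
    // Wire-log line shape as quoted in the report; the [\r][\n] suffix is an assumed optional ending.
    static final Pattern WIRE_LINE = Pattern.compile(
            ">> \"Authorization: (.*?)(?:\\[\\\\r\\]\\[\\\\n\\])?\"$");

    enum Verdict { VALID_BEARER, MISSING_SCHEME, OTHER }

    static Verdict classify(String value) {
        if (BEARER.matcher(value).matches()) return Verdict.VALID_BEARER;
        // A lone token with no scheme is the failure described in the report.
        if (BARE_TOKEN.matcher(value).matches() && !value.equalsIgnoreCase("Bearer"))
            return Verdict.MISSING_SCHEME;
        return Verdict.OTHER; // another scheme (e.g. Basic) or an empty value
    }

    // Keep credentials out of the check's own output: show a short prefix only.
    static String redact(String value) {
        return value.length() <= 12 ? "***" : value.substring(0, 12) + "***";
    }

    public static void main(String[] args) {
        // Constructed sample lines; tokens are placeholders, not real credentials.
        List<String> wireLog = List.of(
            "http-outgoing-0 >> \"Accept-Encoding: gzip[\\r][\\n]\"",
            "http-outgoing-0 >> \"Authorization: eyJhbG.constructed.token[\\r][\\n]\"",
            "http-outgoing-0 >> \"Authorization: Bearer eyJhbG.constructed.token[\\r][\\n]\"",
            "http-outgoing-0 >> \"Authorization: eyJhbG...\""); // line quoted in the report
        for (String line : wireLog) {
            Matcher m = WIRE_LINE.matcher(line);
            if (!m.find()) continue; // not an outgoing Authorization header
            String value = m.group(1);
            System.out.println(classify(value) + "  " + redact(value));
        }
    }
}
```

The same `classify` call can back a regression assertion on the header value a client produces, so a missing scheme fails a build instead of surfacing as an authorization failure against a live API.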