Camel / CAMEL-20498

camel-http OAuth2 support is not adding the text "Bearer " to the Authorization header


Details

    • Type: Bug
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 4.4.0
    • Fix Version/s: 4.4.1, 4.5.0
    • Component/s: camel-http
    • None
    • Unknown

    Description

      When using the OAuth2 support for camel-http, it is not adding the prefix text "Bearer " before the access token in the Authorization header as per the OAuth2 specification: https://datatracker.ietf.org/doc/html/rfc6750#section-2.1

      In the end it does not actually work to use this feature at all from what I can see – the header is not considered valid for an OAuth2 access token and when trying to use this against a real API that requires a token then you receive back an authorization failure.

      When turning on DEBUG logging you can see that the access token is fetched correctly but then on the request it is being sent without the text "Bearer " in front of the token:

      http-outgoing-0 >> "Authorization: eyJhbG..." 

      From a quick skim in the code it seems like the problem lies here: https://github.com/apache/camel/blob/e8ea7ab337cee460858d44968c50dbfafa22ef28/components/camel-http/src/main/java/org/apache/camel/component/http/OAuth2ClientConfigurer.java#L64

      That is to say, the code is just adding the "Authorization" header where the value is only the access token itself, and not adding the text "Bearer " before the token as per the OAuth2 specification.
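
A check for the symptom described in this report, as an added example that is not part of the original issue or the Camel code base: it scans wire-log lines in the shape quoted above and classifies each outgoing Authorization value against the RFC 6750 section 2.1 syntax. The function names, verdict strings and every sample line except the one quoted from the report are assumptions constructed for illustration; the scan assumes the log comes from an endpoint that is expected to use OAuth2.

```python
import re

# RFC 6750 section 2.1: credentials = "Bearer" 1*SP b64token
# b64token = 1*( ALPHA / DIGIT / "-" / "." / "_" / "~" / "+" / "/" ) *"="
B64TOKEN_RE = re.compile(r"[A-Za-z0-9\-._~+/]+=*")
# Outgoing header line as shown in the report; the trailing [\r][\n]
# marker is treated as optional.
WIRE_RE = re.compile(
    r'^(?P<conn>\S+) >> "Authorization: (?P<value>.*?)(?:\[\\r\]\[\\n\])?"\s*$'
)


def classify(value):
    """Classify one Authorization header value."""
    scheme, sep, rest = value.partition(" ")
    if not sep:  # a single word: no "scheme SP credentials" structure
        if value.lower() == "bearer":
            return "empty-token"
        if B64TOKEN_RE.fullmatch(value):
            return "missing-scheme"  # the symptom in this issue
        return "malformed"
    if scheme.lower() != "bearer":  # ABNF literals are case-insensitive
        return "other-scheme"
    if B64TOKEN_RE.fullmatch(rest.lstrip(" ")):
        return "bearer-ok"
    return "malformed-token"


def scan(lines):
    """Return (line number, connection id, verdict) for every outgoing
    Authorization header that is not a well-formed Bearer credential.
    Token values are deliberately left out of the findings."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = WIRE_RE.match(line.strip())
        if m and (verdict := classify(m["value"])) != "bearer-ok":
            findings.append((n, m["conn"], verdict))
    return findings


SAMPLE_LOG = [
    r'http-outgoing-0 >> "GET /api/items HTTP/1.1[\r][\n]"',            # constructed
    'http-outgoing-0 >> "Authorization: eyJhbG..." ',                   # from the report
    r'http-outgoing-1 >> "Authorization: Bearer abc.def.ghi[\r][\n]"',  # constructed
    r'http-outgoing-2 >> "Authorization: Bearer[\r][\n]"',              # constructed
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```
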

       


            People

              Assignee: Unassigned
              Reporter: Joshua Grisham (joshuagrisham)