nav[aria-label="Primary Navigation"] { padding: 0; & ul { list-style: none; width: 100%; display: flex; flex-direction: row; justify-content: start; align-items: start; gap: 30px; padding: 0; & li { margin: 0; } & ul li { list-style: none; } } }

Child Item

OAuth access token type

Andrii M.

Currently during authentication retyrned URL contains token_type=bearer parameter while respective header must be Bearer (else 400 is returned).

Is that possible to return correct case in token_type so one could just use it in header? Or it is by-design and developer must always implement own mapping for auth types like bearer->Bearer ?

Find more posts tagged with

API

Abuse

Accepted answers

Greg-DB

According to the documentation, we only support the "bearer" token type, so any of these should be fine.

All comments

Greg-DB

Thanks for the post! I can't speak to the intent here, but I'll send this along to the team to see if we can get that changed. I can't make any promises as to if they will do so though.

Andrii M.

Thank you, Greg, for response.

Even it this is intensionally and won't be changed in future, I would appreciate advices of the parameter usage:

Implement own mapping from types returned in the URL to proper header values (need the ful list of supported types described in documentation with stress on the correct capitalizing)
Use types from URL but capitalize it (now it's my curren implementation)
Always use Bearer in the auth header and ignore the type from URL

Greg-DB

According to the documentation, we only support the "bearer" token type, so any of these should be fine.

lazedo

Hi Greg,

the api does not accept "bearer", it only accepts "Bearer".

the returned value in token_type is "bearer" and most oauth clients will use that value to compose the Authorization Header.

the result is that the Authorization being sent to subsequent requests has the Authorization header "Authorization: bearer xxxxx" instead of "Authorization: Bearer xxxxx".

it seems to me that, the token_type value returned should be "Bearer" instead of "bearer" if api only accepts that, or change the api to accept "bearer".

thoughts ?

Greg-DB

@lazedo Thanks for the post. I'm not aware of any current plans to change this, but I'll add your vote to the request.