Add error logging for a missing Authorization header during the minim… (#1420)

* Add error logging for a missing Authorization header during the minimal permission check

* Apply suggestion from @Copilot

Co-authored-by: Copilot <[email protected]>

---------

Co-authored-by: Waldek Mastykarz <[email protected]>
Co-authored-by: Copilot <[email protected]>

Author: 3 people

DevProxy.Plugins/Extensions/OpenApiDocumentExtensions.cs

@@ -33,7 +33,18 @@ public static ApiPermissionsInfo CheckMinimalPermissions(this OpenApiDocument op
             logger.LogDebug("Checking request {Request}...", methodAndUrl);
             var (method, url) = (methodAndUrlChunks[0].ToUpperInvariant(), methodAndUrlChunks[1]);
 
-            var scopesFromTheToken = MinimalPermissionsUtils.GetScopesFromToken(request.Context?.Session.HttpClient.Request.Headers.First(h => h.Name.Equals("authorization", StringComparison.OrdinalIgnoreCase)).Value, logger);
+            var authorizationHeaderValue = request.Context?.Session.HttpClient.Request.Headers.FirstOrDefault(h => h.Name.Equals("authorization", StringComparison.OrdinalIgnoreCase))?.Value;
+            if (authorizationHeaderValue is null)
+            {
+                errors.Add(new()
+                {
+                    Request = methodAndUrl,
+                    Error = "No Authorization header found"
+                });
+                continue;
+            }
+
+            var scopesFromTheToken = MinimalPermissionsUtils.GetScopesFromToken(authorizationHeaderValue, logger);
             if (scopesFromTheToken.Length != 0)
             {
                 tokenPermissions.AddRange(scopesFromTheToken);