Get Authorization from headers before reading from cookies

ArtyomVancyan · ArtyomVancyan · commit 973fc10b0601 · 2023-07-05T18:47:48.000+04:00
diff --git a/src/fastapi_oauth2/middleware.py b/src/fastapi_oauth2/middleware.py
@@ -85,7 +85,10 @@ def __init__(self, config: OAuth2Config) -> None:
             Auth.register_client(client)
 
     async def authenticate(self, request: Request) -> Optional[Tuple["Auth", "User"]]:
-        authorization = request.cookies.get("Authorization")
+        authorization = request.headers.get(
+            "Authorization",
+            request.cookies.get("Authorization"),
+        )
         scheme, param = get_authorization_scheme_param(authorization)
 
         if not scheme or not param:
