Do not depend the Authorization header on the token type.

stefangr · stefangr · commit 95b68b7a7234 · 2017-05-03T15:23:16.000+02:00
The token type is case insensitive.
The authorization scheme of the Authorization header is case sensitive.
diff --git a/src/execute.js b/src/execute.js
@@ -241,7 +241,6 @@ export function applySecurities({request, securities = {}, operation = {}, spec}
       const schema = securityDef[key]
       const {type} = schema
       const accessToken = token && token.access_token
-      const tokenType = token && token.token_type
 
       if (auth) {
         if (type === 'apiKey') {
@@ -259,7 +258,7 @@ export function applySecurities({request, securities = {}, operation = {}, spec}
           }
         }
         else if (type === 'oauth2') {
-          result.headers.authorization = `${tokenType || 'Bearer'} ${accessToken}`
+          result.headers.authorization = `Bearer ${accessToken}`
         }
       }
     }
diff --git a/test/execute.js b/test/execute.js
@@ -924,6 +924,55 @@ describe('execute', () => {
         api_key: 'hello'
       })
     })
+
+    it('should use the correct authorization scheme with OAuth2', function() {
+      const spec = {
+        host: 'swagger.io',
+        basePath: '/v1',
+        security: [{oauth2app: []}],
+        paths: {
+          '/one': {
+            get: {
+              operationId: 'getMe',
+              security: [{oauth2app: []}]
+            }
+          }
+        },
+        securityDefinitions: {
+          oauth2app: {
+            type: 'oauth2',
+            flow: 'application',
+            tokenUrl: 'https://swagger.io/oauth2/token',
+            scopes: {
+              read: 'read access'
+            }
+          }
+        }
+      }
+
+      const request = {
+        url: 'http://swagger.io/v1/one',
+        method: 'GET',
+        query: {}
+      }
+
+      const securities = {
+        authorized: {
+          oauth2app: {
+            token: {
+              access_token: 'one two',
+              token_type: 'bearer'
+            }
+          }
+        }
+      }
+
+      const applySecurity = applySecurities({request, securities, operation: spec.paths['/one'].get, spec})
+
+      expect(applySecurity.headers).toEqual({
+        authorization: 'Bearer one two'
+      })
+    })
   })
 
   describe('parameterBuilders', function () {

Original file line number	Diff line number	Diff line change
`@@ -241,7 +241,6 @@ export function applySecurities({request, securities = {}, operation = {}, spec}`
`241`	`241`	`const schema = securityDef[key]`
`242`	`242`	`const {type} = schema`
`243`	`243`	`const accessToken = token && token.access_token`
`244`		`- const tokenType = token && token.token_type`
`245`	`244`
`246`	`245`	`if (auth) {`
`247`	`246`	`if (type === 'apiKey') {`
`@@ -259,7 +258,7 @@ export function applySecurities({request, securities = {}, operation = {}, spec}`
`259`	`258`	`}`
`260`	`259`	`}`
`261`	`260`	`else if (type === 'oauth2') {`
`262`		- result.headers.authorization = `${tokenType \|\| 'Bearer'} ${accessToken}`
	`261`	+ result.headers.authorization = `Bearer ${accessToken}`
`263`	`262`	`}`
`264`	`263`	`}`
`265`	`264`	`}`