OAuth2 Bearer header should be of the format "Authorization Bearer" ? #1228

Closed
linuxthor opened this issue Feb 18, 2020 · 1 comment

Request Type

Bug

Work Environment

| Question | Answer |
|---|---|
| OS version (server) | CentOS, RedHat |
| OS version (client) | Seven |
| TheHive version / git hash | 3.4.0 |
| Package Type | RPM |
| Browser type & version | N/A |

Problem Description

While using the SSO feature to configure sign in via Microsoft Azure as the Identity Provider, I was getting a 400 error back from Microsoft where the user details are checked at the userinfo endpoint with the returned token. Looking at the failed request, it had a header of the form "Authorization bearer " - when trying this request with cURL as "Authorization Bearer " (i.e. upper case B) it succeeds.

Possible Solutions

I think the faulty line of code may be:
https://github.com/TheHive-Project/TheHive/blob/master/thehive-backend/app/services/OAuth2Srv.scala#L101

Contributor

To-om commented Mar 30, 2020

You're right. According to the OAuth2 RFC, Bearer must have an upper case "B". This will be fixed in the next release.

To-om self-assigned this Mar 30, 2020
To-om added the bug label Mar 30, 2020
To-om added this to the 3.4.1 milestone Mar 30, 2020
To-om added a commit that referenced this issue Apr 7, 2020
To-om closed this as completed Apr 7, 2020
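
The header mismatch reported in this issue, as an added example that is not TheHive's code: a client-side check that separates a wrongly cased scheme from a malformed credential, using the `credentials = "Bearer" 1*SP b64token` syntax from RFC 6750 section 2.1. The function names, the sample token and the strict userinfo stand-in are assumptions made for illustration.

```python
import re

# RFC 6750 section 2.1: credentials = "Bearer" 1*SP b64token
# b64token = 1*( ALPHA / DIGIT / "-" / "." / "_" / "~" / "+" / "/" ) *"="
B64TOKEN = r"[A-Za-z0-9\-._~+/]+=*"
CANONICAL = re.compile(rf"Bearer +({B64TOKEN})")
ANY_CASE = re.compile(rf"bearer +({B64TOKEN})", re.IGNORECASE)


def bearer_header(token: str) -> dict:
    """Build the Authorization header with the canonical 'Bearer' spelling."""
    if not re.fullmatch(B64TOKEN, token):
        raise ValueError("token contains characters outside b64token")
    return {"Authorization": f"Bearer {token}"}


def classify(value: str) -> str:
    """Classify an outgoing Authorization header value.

    'ok'           canonical "Bearer <token>"
    'scheme-case'  right shape, but the scheme is not spelled "Bearer"
    'malformed'    not a bearer credential at all
    """
    if CANONICAL.fullmatch(value):
        return "ok"
    if ANY_CASE.fullmatch(value):
        return "scheme-case"
    return "malformed"


def strict_userinfo_status(headers: dict) -> int:
    """Hypothetical stand-in for a userinfo endpoint that compares the
    scheme case-sensitively, modelled on the 400 reported in the issue."""
    return 200 if classify(headers.get("Authorization", "")) == "ok" else 400


# Constructed sample token (not a real credential).
SAMPLE_TOKEN = "eyJhbGciOi.constructed-sample.c2ln"

if __name__ == "__main__":
    for value in (f"bearer {SAMPLE_TOKEN}", f"Bearer {SAMPLE_TOKEN}", "Bearer"):
        status = strict_userinfo_status({"Authorization": value})
        print(f"{value[:16]!r:20} {classify(value):12} -> HTTP {status}")
```

Running `classify` over recorded outgoing requests in an integration test catches this class of bug before it reaches an identity provider that rejects the lowercase form.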