Add public method to get authorization bearer token

src/controllers/GraphqlController.php

@@ -247,37 +247,14 @@ private function _schema(GqlService $gqlService): GqlSchema
             return $schema;
         }
 
-        // Was a specific token passed?
-        $authHeaders = $requestHeaders->get('X-Craft-Authorization', null, false) ?? $requestHeaders->get('Authorization', null, false) ?? [];
-        foreach ($authHeaders as $authHeader) {
-            $authValues = array_map('trim', explode(',', $authHeader));
-            foreach ($authValues as $authValue) {
-                if (preg_match('/^Bearer\s+(.+)$/i', $authValue, $matches)) {
-                    try {
-                        $token = $gqlService->getTokenByAccessToken($matches[1]);
-                    } catch (InvalidArgumentException) {
-                    }
-
-                    if (!isset($token) || !$token->getIsValid()) {
-                        throw new BadRequestHttpException('Invalid Authorization header');
-                    }
+        $token = $this->_token($gqlService);
 
-                    break 2;
-                }
-            }
-        }
-
-        if (!isset($token)) {
-            // Get the public schema, if it exists & is valid
-            $token = $this->_publicToken($gqlService);
-
-            // If we couldn't find a token, then return the active schema if there is one, otherwise bail
-            if (!$token) {
-                try {
-                    return $gqlService->getActiveSchema();
-                } catch (GqlException) {
-                    throw new BadRequestHttpException('Missing Authorization header');
-                }
+        // If we couldn't find a token, then return the active schema if there is one, otherwise bail
+        if (!$token) {
+            try {
+                return $gqlService->getActiveSchema();
+            } catch (GqlException) {
+                throw new BadRequestHttpException('Missing Authorization header');
             }
         }
 
@@ -288,6 +265,25 @@ private function _schema(GqlService $gqlService): GqlSchema
         return $token->getSchema();
     }
 
+    private function _token(GqlService $gqlService): ?GqlToken
+    {
+        $bearerToken = $this->request->getBearerToken();
+
+        if ($bearerToken) {
+            try {
+                $token = $gqlService->getTokenByAccessToken($bearerToken);
+
+                if ($token->getIsValid()) {
+                    return $token;
+                }
+            } catch (InvalidArgumentException) {
+            }
+        }
+
+        // Get the public schema, if it exists & is valid
+        return $this->_publicToken($gqlService);
+    }
+
     /**
      * Returns the public token, if it exists and is valid.
      *

src/web/Request.php

@@ -1212,6 +1212,23 @@ public function getRawCookies(): CookieCollection
         return $this->_rawCookies;
     }
 
+    public function getBearerToken(): ?string
+    {
+        $authHeaders = $this->getHeaders()->get('X-Craft-Authorization', null, false) ?? $this->getHeaders()->get('Authorization', null, false) ?? [];
+
+        foreach ($authHeaders as $authHeader) {
+            $authValues = array_map('trim', explode(',', $authHeader));
+
+            foreach ($authValues as $authValue) {
+                if (preg_match('/^Bearer\s+(.+)$/i', $authValue, $matches)) {
+                    return $matches[1];
+                }
+            }
+        }
+
+        return null;
+    }
+
     /**
      * Converts any invalid cookies in `$_COOKIE` into an array of [[Cookie]] objects.
      *