author | Alan Crosswell <alan@columbia.edu> | 2021-05-26 15:03:48 -0400 |
---|---|---|
committer | Alan Crosswell <alan@columbia.edu> | 2021-05-29 09:59:00 -0400 |
commit | 05e671a41641746802f6ae6155f79fdcb13a3c6a (patch) | |
tree | 42bf92c7808ac465c4117e7c1ac3cc133f6987de | |
parent | 7ecb5e19417dc4a9c85518d822dc1e3fcf4d5e3e (diff) | |
download | oauthlib-05e671a41641746802f6ae6155f79fdcb13a3c6a.tar.gz |
Fix Authorization header that is not a Bearer to not return a token
-rw-r--r-- | oauthlib/openid/connect/core/tokens.py | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/oauthlib/openid/connect/core/tokens.py b/oauthlib/openid/connect/core/tokens.py
index d24cb56..299c5ca 100644
--- a/oauthlib/openid/connect/core/tokens.py
+++ b/oauthlib/openid/connect/core/tokens.py
@@ -37,7 +37,9 @@ class JWTToken(TokenBase):
 def validate_request(self, request):
 token = None
 if 'Authorization' in request.headers:
- token = request.headers.get('Authorization')[7:]
+ split_header = request.headers.get('Authorization').split()
+ if len(split_header) == 2 and split_header[0].lower() == 'bearer':
+ token = split_header[1]
 else:
 token = request.access_token
 return self.request_validator.validate_jwt_bearer_token( |
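Review bot: When the Authorization header is present but is not a two-part `Bearer` value, `token` stays `None` and is still passed to `self.request_validator.validate_jwt_bearer_token(`, so rejecting the request depends on each validator implementation treating `None` as invalid. Failing closed in this method would remove that dependency, for example `if token is None: return False` just before the return. A non-Bearer header also skips the `request.access_token` fallback in the `else` branch; if that is intended, a comment such as `# a non-Bearer Authorization header never falls back to request.access_token` would make it explicit. The call's argument list continues outside the hunk, so what else the validator receives is not visible here.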