+// Copyright (C) The Arvados Authors. All rights reserved.
+//
+// SPDX-License-Identifier: Apache-2.0
+
package auth
import (
func (a *Credentials) LoadTokensFromHTTPRequest(r *http.Request) {
// Load plain token from "Authorization: OAuth2 ..." header
// (typically used by smart API clients)
- if toks := strings.SplitN(r.Header.Get("Authorization"), " ", 2); len(toks) == 2 && toks[0] == "OAuth2" {
+ if toks := strings.SplitN(r.Header.Get("Authorization"), " ", 2); len(toks) == 2 && (toks[0] == "OAuth2" || toks[0] == "Bearer") {
a.Tokens = append(a.Tokens, toks[1])
}
// Load base64-encoded token from "Authorization: Basic ..."
// header (typically used by git via credential helper)
- if _, password, ok := BasicAuth(r); ok {
+ if _, password, ok := r.BasicAuth(); ok {
a.Tokens = append(a.Tokens, password)
}
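Review bot: The scheme test `toks[0] == "OAuth2" || toks[0] == "Bearer"` is case-sensitive, but HTTP authentication scheme names are case-insensitive (RFC 7235), so a header such as `Authorization: bearer <token>` is skipped without any signal to the caller. `strings.EqualFold(toks[0], "Bearer")`, and likewise for `"OAuth2"`, would accept those clients. The same line appends `toks[1]` even when it is empty (a header of `Bearer ` with nothing after the space), and the `r.BasicAuth()` branch appends an empty password the same way. Guarding with `toks[1] != ""` and `password != ""` keeps empty strings out of `a.Tokens`, where later code might treat them as candidate credentials. The body of LoadTokensFromHTTPRequest continues outside this hunk.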
// secret is known)
}
-// TODO: LoadTokensFromHttpRequestBody(). We can't assume in
-// LoadTokensFromHttpRequest() that [or how] we should read and parse
-// the request body. This has to be requested explicitly by the
-// application.
-
func (a *Credentials) loadTokenFromCookie(r *http.Request) {
- cookie, err := r.Cookie("api_token")
+ cookie, err := r.Cookie("arvados_api_token")
if err != nil || len(cookie.Value) == 0 {
return
}
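Review bot: The cookie name in `r.Cookie("arvados_api_token")` is a bare string literal, and the code that sets this cookie is not visible in the hunk. If the two ever disagree, the `err != nil || len(cookie.Value) == 0` early return drops the token with no diagnostic. A package-level constant shared by the setter and this reader, for example `const tokenCookieName = "arvados_api_token"`, would keep them in step. Requests that still carry the old `api_token` cookie are now ignored in the same silent way, which may deserve a line in the upgrade notes. The rest of loadTokenFromCookie, where the value is decoded, lies outside this hunk.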
}
a.Tokens = append(a.Tokens, string(token))
}
+
+// TODO: LoadTokensFromHttpRequestBody(). We can't assume in
+// LoadTokensFromHttpRequest() that [or how] we should read and parse
+// the request body. This has to be requested explicitly by the
+// application.