From c4190bdf52343953cfbbfa6458fe93467e2a259e Mon Sep 17 00:00:00 2001 From: Tom Clegg Date: Wed, 14 Aug 2024 14:36:12 -0400 Subject: [PATCH] 21910: Update all "Authorization: OAuth2 ..." usage to "Bearer". Arvados-DCO-1.1-Signed-off-by: Tom Clegg --- lib/controller/integration_test.go | 4 ++-- sdk/R/R/RESTService.R | 18 +++++++++--------- sdk/cli/bin/arv | 10 +++++----- sdk/cli/bin/arv-tag | 2 +- sdk/go/arvados/client.go | 2 +- sdk/go/arvados/client_test.go | 2 +- sdk/go/auth/auth.go | 6 ++++-- sdk/go/keepclient/keepclient.go | 4 ++-- sdk/go/keepclient/keepclient_test.go | 6 +++--- sdk/go/keepclient/support.go | 2 +- .../client/api/client/BaseApiClient.java | 2 +- .../arvados/client/logic/keep/KeepClient.java | 2 +- .../client/test/utils/ApiClientTestUtils.java | 2 +- sdk/python/arvados/api.py | 2 +- sdk/python/arvados/keep.py | 2 +- sdk/python/tests/run_test_server.py | 2 +- .../api_client_authorizations_api_test.rb | 10 +++++----- .../test/integration/container_request_test.rb | 2 +- .../test/integration/noop_deep_munge_test.rb | 2 +- .../api/test/integration/remote_user_test.rb | 2 +- services/api/test/integration/users_test.rb | 2 +- .../api/test/integration/valid_links_test.rb | 2 +- services/keep-web/handler_test.go | 4 +++- services/keep-web/ranges_test.go | 2 +- services/keep-web/status_test.go | 2 +- services/keepproxy/keepproxy_test.go | 8 ++++---- .../src/store/advanced-tab/advanced-tab.tsx | 2 +- 27 files changed, 55 insertions(+), 51 deletions(-) diff --git a/lib/controller/integration_test.go b/lib/controller/integration_test.go index ff8d38df79..edf4a35886 100644 --- a/lib/controller/integration_test.go +++ b/lib/controller/integration_test.go @@ -544,12 +544,12 @@ func (s *IntegrationSuite) TestCreateContainerRequestWithFedToken(c *check.C) { c.Check(err, check.IsNil) c.Check(cr.UUID, check.Matches, "z2222-.*") - c.Log("...post with good cached token ('OAuth2 ...')") + c.Log("...post with good cached token ('Bearer ...')") cr = arvados.ContainerRequest{} req, err = http.NewRequest("POST", "https://"+ac2.APIHost+"/arvados/v1/container_requests", bytes.NewReader(body.Bytes())) c.Assert(err, check.IsNil) req.Header.Set("Content-Type", "application/json") - req.Header.Set("Authorization", "OAuth2 "+ac2.AuthToken) + req.Header.Set("Authorization", "Bearer "+ac2.AuthToken) resp, err = arvados.InsecureHTTPClient.Do(req) c.Assert(err, check.IsNil) defer resp.Body.Close() diff --git a/sdk/R/R/RESTService.R b/sdk/R/R/RESTService.R index 5cbcb65f75..cd6157e08d 100644 --- a/sdk/R/R/RESTService.R +++ b/sdk/R/R/RESTService.R @@ -63,7 +63,7 @@ RESTService <- R6::R6Class( { fileURL <- paste0(self$getWebDavHostName(), "c=", uuid, "/", relativePath); - headers <- list(Authorization = paste("OAuth2", self$token)) + headers <- list(Authorization = paste("Bearer", self$token)) serverResponse <- self$http$exec("DELETE", fileURL, headers, retryTimes = self$numRetries) @@ -80,7 +80,7 @@ RESTService <- R6::R6Class( fromURL <- paste0(collectionURL, from) toURL <- paste0(collectionURL, trimFromStart(to, "/")) - headers <- list("Authorization" = paste("OAuth2", self$token), + headers <- list("Authorization" = paste("Bearer", self$token), "Destination" = toURL) serverResponse <- self$http$exec("MOVE", fromURL, headers, @@ -98,7 +98,7 @@ RESTService <- R6::R6Class( fromURL <- paste0(collectionURL, from) toURL <- paste0(collectionURL, trimFromStart(to, "/")) - headers <- list("Authorization" = paste("OAuth2", self$token), + headers <- list("Authorization" = paste("Bearer", self$token), "Destination" = toURL) serverResponse <- self$http$exec("COPY", fromURL, headers, @@ -137,7 +137,7 @@ RESTService <- R6::R6Class( subcollectionURL <- paste0(collectionURL, "/", relativePath); - headers <- list("Authorization" = paste("OAuth2", self$token)) + headers <- list("Authorization" = paste("Bearer", self$token)) response <- self$http$exec("PROPFIND", subcollectionURL, headers, retryTimes = self$numRetries) @@ -165,11 +165,11 @@ RESTService <- R6::R6Class( if(offset == 0 && length == 0) { - headers <- list(Authorization = paste("OAuth2", self$token)) + headers <- list(Authorization = paste("Bearer", self$token)) } else { - headers <- list(Authorization = paste("OAuth2", self$token), + headers <- list(Authorization = paste("Bearer", self$token), Range = range) } @@ -189,7 +189,7 @@ RESTService <- R6::R6Class( { fileURL <- paste0(self$getWebDavHostName(), "c=", uuid, "/", relativePath); - headers <- list(Authorization = paste("OAuth2", self$token), + headers <- list(Authorization = paste("Bearer", self$token), "Content-Type" = contentType) body <- content @@ -206,7 +206,7 @@ RESTService <- R6::R6Class( { fileURL <- paste0(self$getWebDavHostName(), "c=", uuid, "/", relativePath); - headers <- list(Authorization = paste("OAuth2", self$token)) + headers <- list(Authorization = paste("Bearer", self$token)) conn <- self$http$getConnection(fileURL, headers, openMode) } @@ -221,7 +221,7 @@ RESTService <- R6::R6Class( { fileURL <- paste0(self$getWebDavHostName(), "c=", uuid, "/", relativePath) - headers <- list(Authorization = paste("OAuth2", self$token), + headers <- list(Authorization = paste("Bearer", self$token), "Content-Type" = contentType) body <- NULL diff --git a/sdk/cli/bin/arv b/sdk/cli/bin/arv index e5aa4e4f2a..6699aa9f32 100755 --- a/sdk/cli/bin/arv +++ b/sdk/cli/bin/arv @@ -274,7 +274,7 @@ def fetch_rsc_obj client, arvados, rsc, uuid, remaining_opts :parameters => {"uuid" => uuid}, :authenticated => false, :headers => { - authorization: 'OAuth2 '+ENV['ARVADOS_API_TOKEN'] + authorization: 'Bearer '+ENV['ARVADOS_API_TOKEN'] }) obj = check_response result rescue => e @@ -323,7 +323,7 @@ def arv_edit client, arvados, global_opts, remaining_opts :body_object => { rsc.singularize => newobj }, :authenticated => false, :headers => { - authorization: 'OAuth2 '+ENV['ARVADOS_API_TOKEN'] + authorization: 'Bearer '+ENV['ARVADOS_API_TOKEN'] }) results = check_response result STDERR.puts "Updated object #{results['uuid']}" @@ -405,7 +405,7 @@ def arv_create client, arvados, global_opts, remaining_opts :body_object => {object_type => newobj}, :authenticated => false, :headers => { - authorization: 'OAuth2 '+ENV['ARVADOS_API_TOKEN'] + authorization: 'Bearer '+ENV['ARVADOS_API_TOKEN'] }) results = check_response result puts "Created object #{results['uuid']}" @@ -677,7 +677,7 @@ when uri_s = eval(api_method).generate_uri(request_parameters) Curl::Easy.perform(uri_s) do |curl| curl.headers['Accept'] = 'text/plain' - curl.headers['Authorization'] = "OAuth2 #{ENV['ARVADOS_API_TOKEN']}" + curl.headers['Authorization'] = "Bearer #{ENV['ARVADOS_API_TOKEN']}" if ENV['ARVADOS_API_HOST_INSECURE'] curl.ssl_verify_peer = false curl.ssl_verify_host = false @@ -694,7 +694,7 @@ else :body_object => request_body, :authenticated => false, :headers => { - authorization: 'OAuth2 '+ENV['ARVADOS_API_TOKEN'] + authorization: 'Bearer '+ENV['ARVADOS_API_TOKEN'] }) end diff --git a/sdk/cli/bin/arv-tag b/sdk/cli/bin/arv-tag index f709020fc7..3e4fbea1b4 100755 --- a/sdk/cli/bin/arv-tag +++ b/sdk/cli/bin/arv-tag @@ -25,7 +25,7 @@ def api_call(method, parameters:{}, request_body:{}) :body_object => request_body, :authenticated => false, :headers => { - authorization: "OAuth2 #{ENV['ARVADOS_API_TOKEN']}", + authorization: "Bearer #{ENV['ARVADOS_API_TOKEN']}", }) begin diff --git a/sdk/go/arvados/client.go b/sdk/go/arvados/client.go index ead66c3d40..6254b16048 100644 --- a/sdk/go/arvados/client.go +++ b/sdk/go/arvados/client.go @@ -260,7 +260,7 @@ func (c *Client) Do(req *http.Request) (*http.Response, error) { if auth, _ := ctx.Value(contextKeyAuthorization{}).(string); auth != "" { req.Header.Add("Authorization", auth) } else if c.AuthToken != "" { - req.Header.Add("Authorization", "OAuth2 "+c.AuthToken) + req.Header.Add("Authorization", "Bearer "+c.AuthToken) } if req.Header.Get("X-Request-Id") == "" { diff --git a/sdk/go/arvados/client_test.go b/sdk/go/arvados/client_test.go index 55e2f998c4..4dc5a63041 100644 --- a/sdk/go/arvados/client_test.go +++ b/sdk/go/arvados/client_test.go @@ -98,7 +98,7 @@ func (*clientSuite) TestCurrentUser(c *check.C) { c.Check(u.UUID, check.Equals, "zzzzz-abcde-012340123401234") c.Check(stub.Requests, check.Not(check.HasLen), 0) hdr := stub.Requests[len(stub.Requests)-1].Header - c.Check(hdr.Get("Authorization"), check.Equals, "OAuth2 xyzzy") + c.Check(hdr.Get("Authorization"), check.Equals, "Bearer xyzzy") client.Client.Transport = &errorTransport{} u, err = client.CurrentUser() diff --git a/sdk/go/auth/auth.go b/sdk/go/auth/auth.go index da9b4ea5b8..84cbd0d4ea 100644 --- a/sdk/go/auth/auth.go +++ b/sdk/go/auth/auth.go @@ -51,8 +51,10 @@ var DecodeTokenCookie func(string) ([]byte, error) = base64.URLEncoding.DecodeSt // LoadTokensFromHTTPRequest loads all tokens it can find in the // headers and query string of an http query. func (a *Credentials) LoadTokensFromHTTPRequest(r *http.Request) { - // Load plain token from "Authorization: OAuth2 ..." header - // (typically used by smart API clients) + // Load plain token from "Authorization: Bearer ..." header + // (typically used by smart API clients). Note many pre-3.0 + // clients send "OAuth2 ..." instead of "Bearer ..." and that + // is still accepted. if toks := strings.SplitN(r.Header.Get("Authorization"), " ", 2); len(toks) == 2 && (toks[0] == "OAuth2" || toks[0] == "Bearer") { a.Tokens = append(a.Tokens, strings.TrimSpace(toks[1])) } diff --git a/sdk/go/keepclient/keepclient.go b/sdk/go/keepclient/keepclient.go index 1c72e583cb..2987be8471 100644 --- a/sdk/go/keepclient/keepclient.go +++ b/sdk/go/keepclient/keepclient.go @@ -314,7 +314,7 @@ func (kc *KeepClient) getOrHead(method string, locator string, header http.Heade req.Header[k] = append([]string(nil), v...) } if req.Header.Get("Authorization") == "" { - req.Header.Set("Authorization", "OAuth2 "+kc.Arvados.ApiToken) + req.Header.Set("Authorization", "Bearer "+kc.Arvados.ApiToken) } if req.Header.Get("X-Request-Id") == "" { req.Header.Set("X-Request-Id", reqid) @@ -543,7 +543,7 @@ func (kc *KeepClient) GetIndex(keepServiceUUID, prefix string) (io.Reader, error return nil, err } - req.Header.Add("Authorization", "OAuth2 "+kc.Arvados.ApiToken) + req.Header.Add("Authorization", "Bearer "+kc.Arvados.ApiToken) req.Header.Set("X-Request-Id", kc.getRequestID()) resp, err := kc.httpClient().Do(req) if err != nil { diff --git a/sdk/go/keepclient/keepclient_test.go b/sdk/go/keepclient/keepclient_test.go index fb59460c72..72d46ce073 100644 --- a/sdk/go/keepclient/keepclient_test.go +++ b/sdk/go/keepclient/keepclient_test.go @@ -142,7 +142,7 @@ func (sph *StubPutHandler) ServeHTTP(resp http.ResponseWriter, req *http.Request sph.requests = append(sph.requests, req) sph.mtx.Unlock() sph.c.Check(req.URL.Path, Equals, "/"+sph.expectPath) - sph.c.Check(req.Header.Get("Authorization"), Equals, fmt.Sprintf("OAuth2 %s", sph.expectAPIToken)) + sph.c.Check(req.Header.Get("Authorization"), Equals, fmt.Sprintf("Bearer %s", sph.expectAPIToken)) if sph.expectStorageClass != "*" { sph.c.Check(req.Header.Get("X-Keep-Storage-Classes"), Equals, sph.expectStorageClass) } @@ -699,7 +699,7 @@ type StubGetHandler struct { func (sgh StubGetHandler) ServeHTTP(resp http.ResponseWriter, req *http.Request) { sgh.c.Check(req.URL.Path, Equals, "/"+sgh.expectPath) - sgh.c.Check(req.Header.Get("Authorization"), Equals, fmt.Sprintf("OAuth2 %s", sgh.expectAPIToken)) + sgh.c.Check(req.Header.Get("Authorization"), Equals, fmt.Sprintf("Bearer %s", sgh.expectAPIToken)) resp.WriteHeader(sgh.httpStatus) resp.Header().Set("Content-Length", fmt.Sprintf("%d", len(sgh.body))) resp.Write(sgh.body) @@ -1377,7 +1377,7 @@ type StubGetIndexHandler struct { func (h StubGetIndexHandler) ServeHTTP(resp http.ResponseWriter, req *http.Request) { h.c.Check(req.URL.Path, Equals, h.expectPath) - h.c.Check(req.Header.Get("Authorization"), Equals, fmt.Sprintf("OAuth2 %s", h.expectAPIToken)) + h.c.Check(req.Header.Get("Authorization"), Equals, fmt.Sprintf("Bearer %s", h.expectAPIToken)) resp.WriteHeader(h.httpStatus) resp.Header().Set("Content-Length", fmt.Sprintf("%d", len(h.body))) resp.Write(h.body) diff --git a/sdk/go/keepclient/support.go b/sdk/go/keepclient/support.go index 142f1d2151..57d537ddd5 100644 --- a/sdk/go/keepclient/support.go +++ b/sdk/go/keepclient/support.go @@ -71,7 +71,7 @@ func (kc *KeepClient) uploadToKeepServer(host string, hash string, classesTodo [ } req.Header.Add("X-Request-Id", reqid) - req.Header.Add("Authorization", "OAuth2 "+kc.Arvados.ApiToken) + req.Header.Add("Authorization", "Bearer "+kc.Arvados.ApiToken) req.Header.Add("Content-Type", "application/octet-stream") req.Header.Add(XKeepDesiredReplicas, fmt.Sprint(kc.Want_replicas)) if len(classesTodo) > 0 { diff --git a/sdk/java-v2/src/main/java/org/arvados/client/api/client/BaseApiClient.java b/sdk/java-v2/src/main/java/org/arvados/client/api/client/BaseApiClient.java index 51f2f4a81b..960f397311 100644 --- a/sdk/java-v2/src/main/java/org/arvados/client/api/client/BaseApiClient.java +++ b/sdk/java-v2/src/main/java/org/arvados/client/api/client/BaseApiClient.java @@ -45,7 +45,7 @@ abstract class BaseApiClient { Request.Builder getRequestBuilder() { return new Request.Builder() - .addHeader("authorization", String.format("OAuth2 %s", config.getApiToken())) + .addHeader("authorization", String.format("Bearer %s", config.getApiToken())) .addHeader("cache-control", "no-cache"); } diff --git a/sdk/java-v2/src/main/java/org/arvados/client/logic/keep/KeepClient.java b/sdk/java-v2/src/main/java/org/arvados/client/logic/keep/KeepClient.java index cc409983ba..2530d7b73e 100644 --- a/sdk/java-v2/src/main/java/org/arvados/client/logic/keep/KeepClient.java +++ b/sdk/java-v2/src/main/java/org/arvados/client/logic/keep/KeepClient.java @@ -120,7 +120,7 @@ public class KeepClient { private List mapNewServices(Map rootsMap, KeepLocator locator, boolean forceRebuild, boolean needWritable, Map headers) { - headers.putIfAbsent("Authorization", String.format("OAuth2 %s", config.getApiToken())); + headers.putIfAbsent("Authorization", String.format("Bearer %s", config.getApiToken())); List localRoots = weightedServiceRoots(locator, forceRebuild, needWritable); for (String root : localRoots) { FileTransferHandler keepServiceLocal = new FileTransferHandler(root, headers, config); diff --git a/sdk/java-v2/src/test/java/org/arvados/client/test/utils/ApiClientTestUtils.java b/sdk/java-v2/src/test/java/org/arvados/client/test/utils/ApiClientTestUtils.java index ac7dd02795..8f7a6d022b 100644 --- a/sdk/java-v2/src/test/java/org/arvados/client/test/utils/ApiClientTestUtils.java +++ b/sdk/java-v2/src/test/java/org/arvados/client/test/utils/ApiClientTestUtils.java @@ -32,7 +32,7 @@ public final class ApiClientTestUtils { } public static void assertAuthorizationHeader(RecordedRequest request) { - assertThat(request.getHeader("authorization")).isEqualTo("OAuth2 " + new FileConfigProvider().getApiToken()); + assertThat(request.getHeader("authorization")).isEqualTo("Bearer " + new FileConfigProvider().getApiToken()); } public static void assertRequestPath(RecordedRequest request, String subPath) { diff --git a/sdk/python/arvados/api.py b/sdk/python/arvados/api.py index d716777b8f..13f946df48 100644 --- a/sdk/python/arvados/api.py +++ b/sdk/python/arvados/api.py @@ -91,7 +91,7 @@ def _intercept_http_request(self, uri, method="GET", headers={}, **kwargs): self.max_request_size < len(kwargs['body'])): raise apiclient_errors.MediaUploadSizeError("Request size %i bytes exceeds published limit of %i bytes" % (len(kwargs['body']), self.max_request_size)) - headers['Authorization'] = 'OAuth2 %s' % self.arvados_api_token + headers['Authorization'] = 'Bearer %s' % self.arvados_api_token if (time.time() - self._last_request_time) > self._max_keepalive_idle: # High probability of failure due to connection atrophy. Make diff --git a/sdk/python/arvados/keep.py b/sdk/python/arvados/keep.py index 64bece1dcb..70e3fb0632 100644 --- a/sdk/python/arvados/keep.py +++ b/sdk/python/arvados/keep.py @@ -1040,7 +1040,7 @@ class KeepClient(object): # to _KeepService objects. Poll for Keep services, and add any # new ones to roots_map. Return the current list of local # root strings. - headers.setdefault('Authorization', "OAuth2 %s" % (self.api_token,)) + headers.setdefault('Authorization', "Bearer %s" % (self.api_token,)) local_roots = self.weighted_service_roots(locator, force_rebuild, need_writable) for root in local_roots: if root not in roots_map: diff --git a/sdk/python/tests/run_test_server.py b/sdk/python/tests/run_test_server.py index d5a3db1f5d..fc98624a40 100644 --- a/sdk/python/tests/run_test_server.py +++ b/sdk/python/tests/run_test_server.py @@ -396,7 +396,7 @@ def reset(): httpclient.request( 'https://{}/database/reset'.format(existing_api_host), 'POST', - headers={'Authorization': 'OAuth2 {}'.format(token), 'Connection':'close'}) + headers={'Authorization': 'Bearer {}'.format(token), 'Connection':'close'}) os.environ['ARVADOS_API_HOST_INSECURE'] = 'true' os.environ['ARVADOS_API_TOKEN'] = token diff --git a/services/api/test/integration/api_client_authorizations_api_test.rb b/services/api/test/integration/api_client_authorizations_api_test.rb index f6bf232de8..09e0395097 100644 --- a/services/api/test/integration/api_client_authorizations_api_test.rb +++ b/services/api/test/integration/api_client_authorizations_api_test.rb @@ -12,7 +12,7 @@ class ApiClientAuthorizationsApiTest < ActionDispatch::IntegrationTest test "create system auth" do post "/arvados/v1/api_client_authorizations/create_system_auth", params: {:format => :json, :scopes => ['test'].to_json}, - headers: {'HTTP_AUTHORIZATION' => "OAuth2 #{api_client_authorizations(:admin_trustedclient).api_token}"} + headers: {'HTTP_AUTHORIZATION' => "Bearer #{api_client_authorizations(:admin_trustedclient).api_token}"} assert_response :success end @@ -51,7 +51,7 @@ class ApiClientAuthorizationsApiTest < ActionDispatch::IntegrationTest Rails.configuration.SystemRootToken = token get "/arvados/v1/users/current", params: {:format => :json}, - headers: {'HTTP_AUTHORIZATION' => "OAuth2 #{token}"} + headers: {'HTTP_AUTHORIZATION' => "Bearer #{token}"} assert_equal json_response['uuid'], system_user_uuid end @@ -63,7 +63,7 @@ class ApiClientAuthorizationsApiTest < ActionDispatch::IntegrationTest :owner_uuid => users(:spectator).uuid } }, - headers: {'HTTP_AUTHORIZATION' => "OAuth2 #{api_client_authorizations(:active_trustedclient).api_token}"} + headers: {'HTTP_AUTHORIZATION' => "Bearer #{api_client_authorizations(:active_trustedclient).api_token}"} assert_response 403 end @@ -83,7 +83,7 @@ class ApiClientAuthorizationsApiTest < ActionDispatch::IntegrationTest :expires_at => desired_expiration, } }, - headers: {'HTTP_AUTHORIZATION' => "OAuth2 #{token}"} + headers: {'HTTP_AUTHORIZATION' => "Bearer #{token}"} assert_response 200 expiration_t = json_response['expires_at'].to_time if admin && desired_expiration @@ -103,7 +103,7 @@ class ApiClientAuthorizationsApiTest < ActionDispatch::IntegrationTest :expires_at => desired_expiration } }, - headers: {'HTTP_AUTHORIZATION' => "OAuth2 #{token}"} + headers: {'HTTP_AUTHORIZATION' => "Bearer #{token}"} assert_response 200 expiration_t = json_response['expires_at'].to_time if admin && desired_expiration diff --git a/services/api/test/integration/container_request_test.rb b/services/api/test/integration/container_request_test.rb index 26cc081a65..245a992eb7 100644 --- a/services/api/test/integration/container_request_test.rb +++ b/services/api/test/integration/container_request_test.rb @@ -29,7 +29,7 @@ class ContainerRequestIntegrationTest < ActionDispatch::IntegrationTest } }.to_json, headers: { - 'HTTP_AUTHORIZATION' => "OAuth2 #{api_client_authorizations(:active).api_token}", + 'HTTP_AUTHORIZATION' => "Bearer #{api_client_authorizations(:active).api_token}", 'CONTENT_TYPE' => 'application/json' } assert_response :success diff --git a/services/api/test/integration/noop_deep_munge_test.rb b/services/api/test/integration/noop_deep_munge_test.rb index a94898ba22..822e38e610 100644 --- a/services/api/test/integration/noop_deep_munge_test.rb +++ b/services/api/test/integration/noop_deep_munge_test.rb @@ -37,7 +37,7 @@ class NoopDeepMungeTest < ActionDispatch::IntegrationTest } }.to_json, headers: { - 'HTTP_AUTHORIZATION' => "OAuth2 #{api_client_authorizations(:admin).api_token}", + 'HTTP_AUTHORIZATION' => "Bearer #{api_client_authorizations(:admin).api_token}", 'CONTENT_TYPE' => 'application/json' } assert_response :success diff --git a/services/api/test/integration/remote_user_test.rb b/services/api/test/integration/remote_user_test.rb index 98250a6242..ae5c034305 100644 --- a/services/api/test/integration/remote_user_test.rb +++ b/services/api/test/integration/remote_user_test.rb @@ -540,7 +540,7 @@ class RemoteUsersTest < ActionDispatch::IntegrationTest "is_admin" => false } }, - headers: {'HTTP_AUTHORIZATION' => "OAuth2 #{api_token(:admin)}"} + headers: {'HTTP_AUTHORIZATION' => "Bearer #{api_token(:admin)}"} assert_response :success get '/arvados/v1/users/current', diff --git a/services/api/test/integration/users_test.rb b/services/api/test/integration/users_test.rb index 51fd5c040d..cbe651ceb6 100644 --- a/services/api/test/integration/users_test.rb +++ b/services/api/test/integration/users_test.rb @@ -252,7 +252,7 @@ class UsersTest < ActionDispatch::IntegrationTest "username" => "barney" } }, - headers: {'HTTP_AUTHORIZATION' => "OAuth2 #{api_token(:admin)}"} + headers: {'HTTP_AUTHORIZATION' => "Bearer #{api_token(:admin)}"} assert_response :success rp = json_response assert_not_nil rp["uuid"] diff --git a/services/api/test/integration/valid_links_test.rb b/services/api/test/integration/valid_links_test.rb index 1a98a65744..4873b8a9c3 100644 --- a/services/api/test/integration/valid_links_test.rb +++ b/services/api/test/integration/valid_links_test.rb @@ -8,7 +8,7 @@ class ValidLinksTest < ActionDispatch::IntegrationTest fixtures :all test "tail must exist on update" do - admin_auth = {'HTTP_AUTHORIZATION' => "OAuth2 #{api_client_authorizations(:admin).api_token}"} + admin_auth = {'HTTP_AUTHORIZATION' => "Bearer #{api_client_authorizations(:admin).api_token}"} post "/arvados/v1/links", params: { diff --git a/services/keep-web/handler_test.go b/services/keep-web/handler_test.go index 43d100774d..cbffafa6f9 100644 --- a/services/keep-web/handler_test.go +++ b/services/keep-web/handler_test.go @@ -329,6 +329,8 @@ func (s *IntegrationSuite) TestVhost404(c *check.C) { // the token is invalid. type authorizer func(*http.Request, string) int +// We still need to accept "OAuth2 ..." as equivalent to "Bearer ..." +// for compatibility with older clients, including SDKs before 3.0. func (s *IntegrationSuite) TestVhostViaAuthzHeaderOAuth2(c *check.C) { s.doVhostRequests(c, authzViaAuthzHeaderOAuth2) } @@ -1137,7 +1139,7 @@ func (s *IntegrationSuite) testDirectoryListing(c *check.C) { s.handler.Cluster.Services.WebDAVDownload.ExternalURL.Host = "download.example.com" authHeader := http.Header{ - "Authorization": {"OAuth2 " + arvadostest.ActiveToken}, + "Authorization": {"Bearer " + arvadostest.ActiveToken}, } for _, trial := range []struct { uri string diff --git a/services/keep-web/ranges_test.go b/services/keep-web/ranges_test.go index 8e7dbadc4e..c69e19e8c9 100644 --- a/services/keep-web/ranges_test.go +++ b/services/keep-web/ranges_test.go @@ -74,7 +74,7 @@ func (s *IntegrationSuite) TestRanges(c *check.C) { Host: url.Host, RequestURI: url.RequestURI(), Header: http.Header{ - "Authorization": {"OAuth2 " + arvadostest.ActiveToken}, + "Authorization": {"Bearer " + arvadostest.ActiveToken}, "Range": {"bytes=" + trial.header}, }, } diff --git a/services/keep-web/status_test.go b/services/keep-web/status_test.go index 12479a80d8..121d5e5506 100644 --- a/services/keep-web/status_test.go +++ b/services/keep-web/status_test.go @@ -40,7 +40,7 @@ func (s *IntegrationSuite) TestNoStatusFromVHost(c *check.C) { URL: u, RequestURI: u.RequestURI(), Header: http.Header{ - "Authorization": {"OAuth2 " + arvadostest.ActiveToken}, + "Authorization": {"Bearer " + arvadostest.ActiveToken}, }, } resp := httptest.NewRecorder() diff --git a/services/keepproxy/keepproxy_test.go b/services/keepproxy/keepproxy_test.go index ea8c9ba6ca..b6ea18f73f 100644 --- a/services/keepproxy/keepproxy_test.go +++ b/services/keepproxy/keepproxy_test.go @@ -158,7 +158,7 @@ func (s *ServerRequiredSuite) TestResponseViaHeader(c *C) { "http://"+srv.Addr+"/", strings.NewReader("TestViaHeader")) c.Assert(err, Equals, nil) - req.Header.Add("Authorization", "OAuth2 "+arvadostest.ActiveToken) + req.Header.Add("Authorization", "Bearer "+arvadostest.ActiveToken) resp, err := (&http.Client{}).Do(req) c.Assert(err, Equals, nil) c.Check(resp.Header.Get("Via"), Equals, "HTTP/1.1 keepproxy") @@ -235,7 +235,7 @@ func (s *ServerRequiredSuite) TestStorageClassesConfirmedHeader(c *C) { bytes.NewReader(content)) c.Assert(err, IsNil) req.Header.Set("X-Keep-Storage-Classes", "default") - req.Header.Set("Authorization", "OAuth2 "+arvadostest.ActiveToken) + req.Header.Set("Authorization", "Bearer "+arvadostest.ActiveToken) req.Header.Set("Content-Type", "application/octet-stream") resp, err := client.Do(req) @@ -296,7 +296,7 @@ func (s *ServerRequiredSuite) TestPutWrongContentLength(c *C) { bytes.NewReader(content)) c.Assert(err, IsNil) req.Header.Set("Content-Length", t.sendLength) - req.Header.Set("Authorization", "OAuth2 "+arvadostest.ActiveToken) + req.Header.Set("Authorization", "Bearer "+arvadostest.ActiveToken) req.Header.Set("Content-Type", "application/octet-stream") resp := httptest.NewRecorder() @@ -580,7 +580,7 @@ func (s *ServerRequiredSuite) TestPostWithoutHash(c *C) { "http://"+srv.Addr+"/", strings.NewReader("qux")) c.Check(err, IsNil) - req.Header.Add("Authorization", "OAuth2 "+arvadostest.ActiveToken) + req.Header.Add("Authorization", "Bearer "+arvadostest.ActiveToken) req.Header.Add("Content-Type", "application/octet-stream") resp, err := client.Do(req) c.Check(err, Equals, nil) diff --git a/services/workbench2/src/store/advanced-tab/advanced-tab.tsx b/services/workbench2/src/store/advanced-tab/advanced-tab.tsx index 068a1a7ea2..15def7e5d5 100644 --- a/services/workbench2/src/store/advanced-tab/advanced-tab.tsx +++ b/services/workbench2/src/store/advanced-tab/advanced-tab.tsx @@ -376,7 +376,7 @@ const curlHeader = (resourceKind: string, resource: string) => const curlExample = (uuid: string, resourcePrefix: string, resource: string | string[], resourceKind: string, resourceName: string) => { const curlExample = `curl -X PUT \\ - -H "Authorization: OAuth2 $ARVADOS_API_TOKEN" \\ + -H "Authorization: Bearer $ARVADOS_API_TOKEN" \\ --data-urlencode ${resourceKind}@/dev/stdin \\ https://$ARVADOS_API_HOST/arvados/v1/${resourcePrefix}/${uuid} \\ <