New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow custom auth #1946
Comments
Django rest framework also uses |
I can't understand what do you want, but I try to help:
Conclusion, Bruno is flexible enough to send request with custom convention authorization. If I miss some point, please explain more and I can help you. |
Yes, this is just a mild inconvenience. You can indeed authenticate your requests manually using the headers, manually adding However, if you use the authentication tab, and you select For example if you add Other tools let you configure the prefix keyword (or remove it) because people don't generally follow the standard and still call it bearer token. My suggestion would be just to add a new authentication method called "API Token" that does not prepend any keyword. |
Now I know what you mean, even by using manual headers, bruno keep Bearer token in the request. The case what I mention above, my Sonarqube just protect some endpoint, thats why I can't reproduce the problem. I'll take this issue. |
Thank you |
Running into the same issue with Django atm. Other API clients either let you choose a prefix (to replace |
+1 for this issue! Having the same trouble. |
@ericdain if you're using the header manually, remember to set authentication no None. Otherwise the Authentication tab will override the Authorization headers you've set. |
OH, I found my issue! My individual request was set properly with "Auth" tab -> "No Auth", but I had "Auth" set to "Bearer" at the Collection level, which also overrides child requests. @sergioisidoro Thanks for the point in the right direction! |
@ericdain This sounds like something that might result in unexpected behavior. In my opinion, the configuration of the request should always "win" because setting "No Auth" could be a very conscious and intentional decision to override the default authentication that is configured at the collection level. I think, it would be more intuitive and also more explicit to add an option "Inherit Auth", like Postman did it as well. |
I also think this is a must have feature, its easier to switch off the Auth Inheritance on requests, where as a custom header you cannot remove for specific requests. I am currently using collection headers and overwriting them with nothing on requests where I don't want to send the Auth token. |
@andreassiegel You prompted me to double check the behavior to be sure
So I agree, Auth > No Auth on a Request should not fallback to using whatever is set at the Collection, especially because there is an option for that (Inherit). No Auth on the Request should take precedence and be honored. |
My company users the following auth header format:
Authorization: JWT {{token}}
. This works on postman, because it lets you provide both the header name and the entire value. Bruno assumes part of the value and also assumes the header. I understand the convention on Bearer tokens, but we need to add another auth method that is more flexible.The text was updated successfully, but these errors were encountered: