Skip to content

Authorization header token types should be handled case insensitive #1490

@FrittenKeeZ

Description

@FrittenKeeZ

We just ran into an issue using Laravel Passport where a 3rd party was sending Authorization: bearer <...> instead of Authorization: Bearer <...> which is rejected due to checks being done case sensitively.

According to https://auth0.com/blog/the-bearer-token-case/ and it's numerous sources the token types should be handled case insensitively.

Metadata

Metadata

Assignees

No one assigned

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions