Header error regarding JWT implementation

[nmolenaar]

First off, Thank you so much for your project (time and effort!).
On this moment I'm experiencing some errors regarding the JWT header (name/value) combination.

The error throw = Illegal request header: Illegal 'authorization' header: Invalid input '=', expected auth-param, OWS, token68, 'EOI' or tchar

Using the directive optionalSession(oneOff, usingHeaders)
This directive always returns an Option[T] containing a None

[adamw]

Can you paste the headers that you are sending to the server?

[slothspot]

I have same warning, coming from akka http dispatcher:
Illegal request header: Illegal 'authorization' header: Invalid input '=', expected auth-param, OWS, token68, 'EOI' or tchar (line 1, column 142): eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkYXRhIjp7InJvbGUiOiJzdHViUm9sZSJ9LCJleHAiOjE0OTIxNzY2MTB9.gEgcDFDb+G+sZjq0ekw7cr0Z8J58ywmWvFrowlCEBkE=

With setSession(oneOff, usingHeaders, ...) I have

Set-Authorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkYXRhIjp7InJvbGUiOiJzdHViUm9sZSJ9LCJleHAiOjE0OTIxNzY2MTB9.gEgcDFDb+G+sZjq0ekw7cr0Z8J58ywmWvFrowlCEBkE=

in response.

curl -X GET -H "Authorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkYXRhIjp7InJvbGUiOiJzdHViUm9sZSJ9LCJleHAiOjE0OTIxNzY2MTB9.gEgcDFDb+G+sZjq0ekw7cr0Z8J58ywmWvFrowlCEBkE=" http://host/resource

produces already mentioned warning from dispatcher,
omitting = in header value prevents decoding of session

[nmolenaar]

@adamw

Accept:application/json, text/plain, /
Accept-Encoding:gzip, deflate, br
Accept-Language:en-US,en;q=0.8,nl;q=0.6,de;q=0.4,af;q=0.2
Authorization:eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkYXRhIjp7InVzZXIiOnsiaWQiOjEsImVtYWlsIjoiZW5hYmxlQG1vbGVuYWFyLmlvIiwicGFzc3dvcmQiOiIkMmEkMTAkL3BNclY4bnlEV3VXY0cva3hTa1U5LjNXNTAxZG1hUzBRb0ZSeTJZNk5NSHF5Z29DSUkxWUciLCJhY3RpdmUiOnRydWV9fSwiZXhwIjoxNTA0ODAyMTU3fQ==.CsmHEuAIdxFDn9wDHzpnqX9WWiYsRPfSaSWzCNuTU30=
Connection:keep-alive
DNT:1
Host:localhost:8080
Origin:http://localhost:8000
Referer:http://localhost:8000/
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36

[adamw]

@NicholasMolenaar doesn't JWT require the Bearer prefix before the token? So the header would be:

Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkYXRhIjp7InVzZXIiOnsiaWQiOjEsImVtYWlsIjoiZW5hYmxlQG1vbGVuYWFyLmlvIiwicGFzc3dvcmQiOiIkMmEkMTAkL3BNclY4bnlEV3VXY0cva3hTa1U5LjNXNTAxZG1hUzBRb0ZSeTJZNk5NSHF5Z29DSUkxWUciLCJhY3RpdmUiOnRydWV9fSwiZXhwIjoxNTA0ODAyMTU3fQ==.CsmHEuAIdxFDn9wDHzpnqX9WWiYsRPfSaSWzCNuTU30=

[ghost]

I have the same issue.

[adamw]

@milanvdmria which version, are you on latest?

[ghost]

@adamw I just saw there was an upgrade with the commit 69ae123 which I suppose is a fix for thise problem?
Ill test on latest.

[aniketkakde]

I have similar problem... any suggestions ... by the way , I am not using akka-http-session lib at the client side. It is not produced at the local but at the server after deployment