Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

AdditionalHeaders not applied on authorize request #1036

Open
sarahmarkless opened this issue Nov 22, 2024 · 4 comments
Open

AdditionalHeaders not applied on authorize request #1036

sarahmarkless opened this issue Nov 22, 2024 · 4 comments

Comments

@sarahmarkless
Copy link

sarahmarkless commented Nov 22, 2024
edited
Loading

Issue

I am tyring to set up an authorize call, using serviceConfiguration to define authorization and token endpoints. I additionally want to send a header, but I've noticed that additionalHeaders only applies when on the first call to ./well-known/openid-configuration, and not to the subsequent call to /authorize

setup:

const config = {
      issuer:
        authorizeURL,
      additionalHeaders: { key: value },
      customHeaders: { authorize: { key: value } },
     ...otherProps
    };

Is there any workaround for this to send a header in the authorization call?

Environment

  • Platform that you're experiencing the issue on: both
  • Your react-native Version: e.g. 0.74.5
  • Your react-native-app-auth Version: e.g. 8.0.0
  • Are you using Expo? No
@sarahmarkless sarahmarkless changed the title AdditionalHeaders not applied when using serviceConfiguration AdditionalHeaders not applied on authorize request Nov 22, 2024
@carbonrobot
Copy link
Contributor

The additionalHeaders property applies to iOS devices only, and is passed to the AppAuth-iOS library directly. That library in turn uses it for authorization and token requests. The customHeaders property is similar, but for Android.

Could you tell me more about what headers you are having problems with and any error messages? What is the OAuth2 provider you are connecting to? Are those headers on the accept list for that provider?

@sirmong
Copy link

sirmong commented Jan 30, 2025

same issue here

@sarahmarkless
Copy link
Author

sarahmarkless commented Mar 12, 2025
edited
Loading

I am trying to set a Cookie header in order to set a custom cookie in the authorize request to set consent information to the sign in web page.

When adding this to both additionalHeaders and customerHeaders
additionalHeaders: {
'Cookie': cookieName=cookieValue,
},
customHeaders: {
authorize: { 'Cookie': cookieName=cookieValue },
},

From inspecting the network requests for both Android and iOS, I can see this Set-Cookie header being applied on call to ./well-known/openid-configuration, but not to the subsequent call to /authorize.

@sarahmarkless
Copy link
Author

Having investigated further, it is applying on the /tokens endpoint, it is just the /authorize endpoint it does not apply to. This is the only call that comes from the webview rather than the app itself, so maybe further changes are needed to pass the header into the /authorize call?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@carbonrobot @sirmong @sarahmarkless