BC-6453 - make jwt extraction more general

hpi-schul-cloud · Jun 11, 2024 · 7d7f51c · 7d7f51c
1 parent 7122174
commit 7d7f51c
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/apps/server/src/infra/authorization-client/authorization-client.adapter.ts b/apps/server/src/infra/authorization-client/authorization-client.adapter.ts
@@ -35,7 +35,10 @@ export class AuthorizationClientAdapter {
 
 	private getJWT(): string {
 		const getJWT = ExtractJwt.fromExtractors([ExtractJwt.fromAuthHeaderAsBearerToken(), this.fromCookie('jwt')]);
-		const jwt = getJWT(this.request) || this.request.headers.authorization;
+		let jwt = getJWT(this.request) || this.request.headers.authorization;
+		if (jwt?.toLowerCase()?.startsWith('bearer ')) {
+			[, jwt] = jwt.split(' ');
+		}
 
 		if (!jwt) {
 			throw new UnauthorizedException('Authentication is required.');