Authentication Issue when bearer_auth is set #198
Description
Hey all 👋
The provider has an authentication issue when using a Bearer token.
When setting the provider with a bearer_auth, the provider is incorrectly using Basic authentication with empty credentials instead of using the Bearer token.
This results in "Invalid IAP credentials: empty token" error, even with a valid token.
Steps to reproduce the issue
Set the provider with bearer_auth:
provider "airbyte" {
server_url = "https://airbyte.dev/api/public/v1/"
bearer_auth = "XYZ"
}
Intercept the HTTP req, and you'll see that the req was sent with:
Authorization: Basic 0g==
Instead of the expected:
Authorization: Bearer XYZ
Potential fix
When looking at the Configure method, both authentication methods are being initialized (so we have the SchemeBasicAuth even if we didn't set any user/password).
In the handleBasicAuthScheme basic authentication headers are added without checking if the username and password are empty.
Both BearerAuth and BasicAuth are not nil, both are processed, and both set the same HTTP header. Since the fields are processed in order -- BasicAuth overwrites the BearerAuth header, and used no matter what.
A simple naive fix could be as easy as giving priority to bearerAuth with:
var basicAuth *shared.SchemeBasicAuth = nil
if bearerAuth == nil && (username != "" || password != "") {
basicAuth = &shared.SchemeBasicAuth{
Username: username,
Password: password,
}
}
Hope it make sense :)