From bb480d45e80c5e7cd1e678e5fc979f2219240e02 Mon Sep 17 00:00:00 2001
From: Roman Myhun <roman_myhun@epam.com>
Date: Thu, 17 Apr 2025 22:47:32 +0300
Subject: [PATCH] refactor(auth): use FastAPI's HTTPBearer for JWT token
 extraction

Refs: #196
---
 aidial_sdk/deployment/from_request_mixin.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/aidial_sdk/deployment/from_request_mixin.py b/aidial_sdk/deployment/from_request_mixin.py
index 73e9c44..730ed3e 100644
--- a/aidial_sdk/deployment/from_request_mixin.py
+++ b/aidial_sdk/deployment/from_request_mixin.py
@@ -4,6 +4,7 @@
 from urllib.parse import urljoin
 
 import fastapi
+from fastapi.security import HTTPBearer
 
 from aidial_sdk.exceptions import InternalServerError, InvalidRequestError
 from aidial_sdk.pydantic_v1 import Field, SecretStr, StrictStr, root_validator
@@ -34,6 +35,7 @@ class FromRequestDeploymentMixin(FromRequestMixin):
 
     _DIAL_APPLICATION_PROPERTIES_HEADER = "X-DIAL-APPLICATION-PROPERTIES"
     _DIAL_APPLICATION_ID_HEADER = "X-DIAL-APPLICATION-ID"
+    _bearer = HTTPBearer(auto_error=False)
 
     headers: Mapping[str, str]
     base_url: Optional[str] = None
@@ -139,7 +141,8 @@ async def from_request(
             raise InvalidRequestError("Api-Key header is required")
         del headers["Api-Key"]
 
-        jwt = headers.get("Authorization")
+        auth_credentials = await cls._bearer(request)
+        jwt = auth_credentials.credentials if auth_credentials else None
         del headers["Authorization"]
 
         application_properties = None