misc/watchy-experimentation#7: Authorization header PR to ESP32 HTTP Client

Issue Information

Issue Type: issue
Status: closed
Reported By: btasker
Assigned To: btasker

Created: 18-Jun-23 08:14



Description

I should probably look at making a PR to ESP32's HTTP client to add support for setting the Authorization header to an arbitrary(ish) string so that Bearer tokens and the like can be provided.

Currently, it only supports Basic Authentication.

It looks as though I'm not the only one to have run into this, arduino-esp32 4687 refers to it but doesn't seem to have got any traction.



Toggle State Changes

Activity


18-Jun-23 08:14

assigned to @btasker


19-Jun-23 11:24

Oh actually, it looks like it might be supported after all, if not massively intuitive.

It's not possible to do

http.setAuthorization('Bearer Zm9vbw==');

because that ends up sending an invalid header:

GET /query?db=Systemstats&q=SELECT%20round%28last%28localSupplyPercToday%3A%3Ainteger%29%29%20as%20i%20FROM%20solar_inverter%20WHERE%20time%20%3E%20now%28%29%20-%2020m HTTP/1.1
Host: 192.168.3.20:18086
User-Agent: ESP32HTTPClient
Connection: keep-alive
Accept-Encoding: identity;q=1,chunked;q=0.1,*;q=0
Authorization: Basic Bearer Zm9vbw==

But, it turns out that there's a second method

http.setAuthorization('Zm9vbw==');
http.setAuthorizationType("Bearer");

Which results in the header being set correctly

GET /query?db=Systemstats&q=SELECT%20round%28last%28localSupplyPercToday%3A%3Ainteger%29%29%20as%20i%20FROM%20solar_inverter%20WHERE%20time%20%3E%20now%28%29%20-%2020m HTTP/1.1
Host: 192.168.3.20:18086
User-Agent: ESP32HTTPClient
Connection: keep-alive
Accept-Encoding: identity;q=1,chunked;q=0.1,*;q=0
Authorization: Bearer Zm9vbw==

So, I was mistaken and it is in fact possible to add a bearer token to a HTTP request generated with the ESP32 HTTP client.