Staging instance, all changes can be removed at any time

Skip to content

starlette: Allow to provide access token in authorization header

Previously the OpenID Connect backend was only allowing to provide a refresh token in authorization header for convenient access token renewal when querying a GraphQL service outside of a browser.

When one wants to query a GraphQL service inside a browser, the access tokens are usually created and renewed client-side so also allow to provide an access token in the authorization header. In that case, the backend will simply try to decode it in order to authenticate the user.

Related to swh-graphql#4652

Merge request reports

Loading