Is there a way to tell the Auth plugin not to add ...
# ktor
s
Is there a way to tell the Auth plugin not to add an
Authorization: Bearer
header, preferably within an
install(DefaultRequest)
configuration block? The
AuthCircuitBreaker
seems to only skip the refresh token cycle, but it will still add the header if there are tokens available in the `BearerAuthProvider`'s
AuthTokenHolder
. I've currently found a workaround where I'm creating a
BearerAuthProvider
manually and passing it to `Auth`'s
providers
(instead of using the DSL), but it feels a little hacky. Would it make sense with another attribute that prevented the plugin from adding the header, perhaps? I've also tried removing the header manually inside of the
install(DefaultRequest)
block, but I think the Auth plugin might be adding it back after I removed it.
a
You can set a block via the
sendWithoutRequest
method to configure when to send the
Authorization
header without waiting for 401 status code from a server. I think manual passing of a
BearerAuthProvider
is a fine approach.
s
Thanks for your response!
sendWithoutRequest
also seems to set the
Authorization: Bearer
token header if it's present in the cache, though. So I guess going with the manually built
BearerAuthProvider
is the way to go. 👍