Major Dash and underscore are automatically corrected when keying the Auth user key field.
In particular when using header underscore is translated into dash and when using query parameter dash is translated into underscore.
Both char "_" "-" are valid as both headers and http param (https://www.greenbytes.de/tech/webdav/rfc7230.html#rfc.section.A.2.p.9)
If there is some limitations from NGINX code it would be nice to explain it or to have a configuration to overcome this (i.e. underscores_in_headers on; )
In SaaS there is an inconsistency in the way these characters are handled:
the behavior described above can be reproduced when updating the value of the `Auth user key` field from the Admin Portal integration / configuration page, however, if the same value is updated via the 3scale API [1], any value is accepted and it is possible to include underscores `_` in Headers credentials, dashes `-` in query parameters and vice versa.
[1]
curl -v -X PATCH "https://<ADMIN_PORTAL>/admin/api/services/<SERVICE_ID>/proxy.xml" -d 'access_token=<ACCESS_TOKEN>&auth_user_key=user-key_'
- is related to
-
THREESCALE-4760 Dash and underscore are treated as the same character in API Key authentication
-
- Closed
-
- links to