token-type-tolerance

auth/authenticate.py

@@ -29,8 +29,7 @@ class JWTAuthenticate(AuthenticationBackend):
                 user_id=None, username=""
             )
         
-        if token.startswith("Bearer"):
+        token = token.split(" ")[-1]
-            token = token[len("Bearer "):]
 
         if len(token.split(".")) > 1:
             payload = await SessionToken.verify(token)

resolvers/auth.py

@@ -33,8 +33,7 @@ async def get_current_user(_, info):
     auth: AuthCredentials = info.context["request"].auth
     token = info.context["request"].headers.get(SESSION_TOKEN_HEADER)
 
-    if token.startswith("Bearer"):
+    token = token.split(" ")[-1]
-        token = token[len("Bearer "):]
 
     with local_session() as session:
         user = session.query(User).where(User.id == auth.user_id).one()