Set custom auth header

[mattyod]

🚀 Feature Proposal

Add the ability to set a custom authorization header.

If a header property exists in options then use basic-auths auth.parse() method rather than auth().

Motivation

Some of our services sit behind an API Gateway that transfers incoming authorization headers onto a custom x-forwarded-authorization header. Unfortunately that API Gateway does not provide basic authentication checks 🤷 , so authentication still needs to be done within the service. (there are other benefits to the Gateway in case you are wondering 😄 ).

Example

fastify.register(basicAuth, { validate, authenticate, header: 'x-forwarded-authorization` }

[Eomm]

Would you like to send a Pull Request to address this issue? Remember to add unit tests.

[jsumners]

I'm not clear why the gateway would violate the spec and necessitate this module to do the same -- https://datatracker.ietf.org/doc/html/rfc7235#section-4.2

A proxy forwarding a request MUST NOT modify any Authorization fields
in that request. See Section 3.2 of [RFC7234] for details of and
requirements pertaining to handling of the Authorization field by
HTTP caches.

[mattyod]

Thanks, I'll try and get something up in a PR shortly.

I'm not clear why the gateway would violate the spec and necessitate this module to do the same

It's a fair question, I guess they see this as a gateway to a system rather than a proxy to another API, though I'm speculating.

https://cloud.google.com/endpoints/docs/openapi/service-account-authentication#receiving_authenticated_results_in_your_api

[mcollina]

PRs are welcome!

[mattyod]

Thank you for accepting a PR on this, it's a great help.

A member of our platform team has raised a case with GCP asking about the reasoning behind moving authentication onto the x-forwarded-authorization header, and as you point out, breaking the specification. I'll try to update here with the outcome of that.

[taiio]

Tried set header but still not working. still by default still get the header with the key is: Authorization