[Bug]: Something is up with authorization on the OpenAPI data sources

[LennardF1989]

Is there an existing issue for this?

• I have searched the existing issues

Current Behavior

I've tried two OpenAPI specs:

• https://api.timechimp.com/swagger/docs/v1 (which uses apiKey with an Authorization header)
• https://github.com/MicrosoftDocs/vsts-rest-api-specs/blob/master/specification/core/6.1/core.json (which uses basic)

No matter the values I tried, I could never get the API's to properly authenticate. Whereas if I use the plain REST API and setup the authorization headers accordingly, the endpoint work fine.

Expected Behavior

The API's actually authenticate properly depending on their type.

Steps to reproduce

Use the above OpenAPI specs, or find something else you as a developer have access to, and try to get the different types of authorization to work.

Environment

No response

Additional Information

I've tried to go through the code and see if I could spot something glaringly wrong. I couldn't, but I have a feeling the authorization headers aren't properly set on the fetch-request. That said, I will see if I can inspect it using the Inspector... Nope.

[FalkWolsky]

As we worked heavy on OAuth (Generic Provider), these issues should be solved now.
If they remain problematic for you - please just re-open the issue.

[Insomniacnomis]

I have this issue in my instance, being unable to access the API with an API key.
Giving the API key as an "Authorization" header, the call is returned as if no user is logged in.

As an example, running the following curl command:

curl \
	--location 'http://<DOMAIN>//api/users/me' \
	--header 'Accept: */*' \
	--header 'Authorization: ey...<REST OF THE API KEY>'

Returns as if the user is anonymous:

{"code":1,"message":"","data":{
   "id":null,
   "orgAndRoles":null,
   "currentOrgId":null,
   "username":"anonymous",
   "connections":null,
   "uiLanguage":"en",
   "avatar":null,
   "avatarUrl":null,
   "hasPassword":false,
   "hasSetNickname":false,
   "hasShownNewUserGuidance":false,
   "userStatus":null,
   "createdTimeMs":0,
   "ip":"X.X.X.X",
   "enabled":false,
   "anonymous":true,
   "orgDev":false,
   "isAnonymous":true,
   "isEnabled":false},
"success":true}

[FalkWolsky]

The reason is a "missing" Bearer word before the actual Token.
It should be --header 'Authorization: Bearer ey...'

[Insomniacnomis]

The reason is a "missing" Bearer word before the actual Token. It should be --header 'Authorization: Bearer ey...'

I have tried it with and without Bearer, and the result is still the same. And a bunch of other combinations with the same result
Also, I am now checking that the cookie method isn't working either; neither with the cookie obtained with the API login (funny, that one does seem to work) nor a cookie copied from my web browser logged session.

I am running on Docker the version 2.4 if that matters