diff --git a/catalog-rest-service/src/main/java/org/openmetadata/catalog/security/JwtFilter.java b/catalog-rest-service/src/main/java/org/openmetadata/catalog/security/JwtFilter.java
index b3e19465ed7..9b3e4f4ba96 100644
--- a/catalog-rest-service/src/main/java/org/openmetadata/catalog/security/JwtFilter.java
+++ b/catalog-rest-service/src/main/java/org/openmetadata/catalog/security/JwtFilter.java
@@ -38,7 +38,8 @@ import org.openmetadata.catalog.security.auth.CatalogSecurityContext;
 public class JwtFilter implements ContainerRequestFilter {
 @Context private UriInfo uriInfo;
- public static final String TOKEN_HEADER = "X-Catalog-Source";
+ public static final String AUTHORIZATION_HEADER = "Authorization";
+ public static final String TOKEN_PREFIX = "Bearer";
 private String publicKeyUri;
 @SuppressWarnings("unused")
@@ -103,10 +104,14 @@ public class JwtFilter implements ContainerRequestFilter {
 protected static String extractToken(MultivaluedMap headers) {
 LOG.debug("Request Headers:{}", headers);
- String source = headers.getFirst(TOKEN_HEADER);
+ String source = headers.getFirst(AUTHORIZATION_HEADER);
 if (Strings.isNullOrEmpty(source)) {
 throw new AuthenticationException("Not Authorized! Token not present");
 }
- return source;
+ // Extract the bearer token
+ if (source.startsWith(TOKEN_PREFIX)) {
+ return source.substring(TOKEN_PREFIX.length() + 1);
+ }
+ throw new AuthenticationException("Not Authorized! Token not present");
 }
 }
diff --git a/ingestion/src/metadata/ingestion/ometa/client.py b/ingestion/src/metadata/ingestion/ometa/client.py
index 48309f32878..7d66a8f6e5c 100644
--- a/ingestion/src/metadata/ingestion/ometa/client.py
+++ b/ingestion/src/metadata/ingestion/ometa/client.py
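Review bot: In `extractToken` (second JwtFilter.java hunk), a header value of exactly `Bearer` passes `startsWith(TOKEN_PREFIX)` and then `substring(TOKEN_PREFIX.length() + 1)` throws `StringIndexOutOfBoundsException`, so a malformed request is not turned into an `AuthenticationException` and, depending on exception mapping outside this hunk, may surface as a server error rather than a 401. The same check accepts any value that merely begins with those six letters and silently drops the seventh character, and `Bearer ` followed by nothing returns an empty token. I would match the scheme together with its separator and require a non-empty remainder: `String prefix = TOKEN_PREFIX + " ";` then `if (source.startsWith(prefix) && source.length() > prefix.length()) { return source.substring(prefix.length()); }`. Separately, the unchanged `LOG.debug("Request Headers:{}", headers);` now writes the full `Authorization` value to the log whenever debug logging is enabled; logging header names only, or redacting that header, keeps bearer tokens out of log files.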
@@ -128,7 +128,7 @@ class REST:
 url: URL = URL(base_url + "/" + version + path)
 headers = {"Content-type": "application/json"}
 if self._auth_token is not None and self._auth_token != "no_token":
- headers[self.config.auth_header] = self._auth_token
+ headers[self.config.auth_header] = f"Bearer {self._auth_token}"
 opts = {
 "headers": headers,
 # Since we allow users to set endpoint URL via env var,
diff --git a/ingestion/src/metadata/ingestion/ometa/ometa_api.py b/ingestion/src/metadata/ingestion/ometa/ometa_api.py
index e793c765df0..e7b92e49607 100644
--- a/ingestion/src/metadata/ingestion/ometa/ometa_api.py
+++ b/ingestion/src/metadata/ingestion/ometa/ometa_api.py
@@ -138,7 +138,7 @@ class OpenMetadata(
 client_config: ClientConfig = ClientConfig(
 base_url=self.config.api_endpoint,
 api_version=self.config.api_version,
- auth_header="X-Catalog-Source",
+ auth_header="Authorization",
 auth_token=self._auth_provider.auth_token(),
 )
 self.client = REST(client_config)
diff --git a/ingestion/src/metadata/ingestion/ometa/openmetadata_rest.py b/ingestion/src/metadata/ingestion/ometa/openmetadata_rest.py
index 391ebb08b63..fe1321cac4f 100644
--- a/ingestion/src/metadata/ingestion/ometa/openmetadata_rest.py
+++ b/ingestion/src/metadata/ingestion/ometa/openmetadata_rest.py
@@ -100,7 +100,7 @@ class MetadataServerConfig(ConfigModel):
 domain: str = None
 email: str = None
 audience: str = "https://www.googleapis.com/oauth2/v4/token"
- auth_header: str = "X-Catalog-Source"
+ auth_header: str = "Authorization"
 class NoOpAuthenticationProvider(AuthenticationProvider):
diff --git a/openmetadata-ui/src/main/resources/ui/src/axiosAPIs/index.js b/openmetadata-ui/src/main/resources/ui/src/axiosAPIs/index.js
index 416c152b209..a3ffabf18a3 100644
--- a/openmetadata-ui/src/main/resources/ui/src/axiosAPIs/index.js
+++ b/openmetadata-ui/src/main/resources/ui/src/axiosAPIs/index.js
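Review bot: In the client.py hunk the `Bearer ` scheme is now hard-coded while the header name still comes from `self.config.auth_header`, so a configuration that explicitly sets `auth_header` to another name (the old `X-Catalog-Source`, for instance) sends a prefixed value in a header that the updated server-side filter in this commit no longer reads, and authentication fails without any client-side hint. The default changes in ometa_api.py and openmetadata_rest.py only help configurations that leave the field unset. I would either document the coupling with a comment such as `# Server reads only "Authorization: Bearer <token>"; auth_header must stay "Authorization"`, or log a warning when `auth_header` differs from `Authorization`. The enclosing method starts and ends outside this hunk, so how `opts` is used afterwards is not visible here.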
@@ -26,7 +26,7 @@ const axiosClient = axios.create({
 axiosClient.interceptors.request.use(function (config) {
 const token = cookieStorage.getItem(oidcTokenKey);
 if (token) {
- config.headers['X-Catalog-Source'] = token;
+ config.headers['Authorization'] = `Bearer ${token}`;
 }
 return config;