Fix #2478: Update the auth header to Authorization Bearer for JWT token (#2483)

* Fix #2478: Update the auth header to Authorization Bearer for JWT token

catalog-rest-service/src/main/java/org/openmetadata/catalog/security/JwtFilter.java

@@ -38,7 +38,8 @@ import org.openmetadata.catalog.security.auth.CatalogSecurityContext;
 public class JwtFilter implements ContainerRequestFilter {
   @Context private UriInfo uriInfo;
 
-  public static final String TOKEN_HEADER = "X-Catalog-Source";
+  public static final String AUTHORIZATION_HEADER = "Authorization";
+  public static final String TOKEN_PREFIX = "Bearer";
   private String publicKeyUri;
 
   @SuppressWarnings("unused")
@@ -103,10 +104,14 @@ public class JwtFilter implements ContainerRequestFilter {
 
   protected static String extractToken(MultivaluedMap<String, String> headers) {
     LOG.debug("Request Headers:{}", headers);
-    String source = headers.getFirst(TOKEN_HEADER);
+    String source = headers.getFirst(AUTHORIZATION_HEADER);
     if (Strings.isNullOrEmpty(source)) {
       throw new AuthenticationException("Not Authorized! Token not present");
     }
-    return source;
+    // Extract the bearer token
+    if (source.startsWith(TOKEN_PREFIX)) {
+      return source.substring(TOKEN_PREFIX.length() + 1);
+    }
+    throw new AuthenticationException("Not Authorized! Token not present");
   }
 }

ingestion/src/metadata/ingestion/ometa/client.py

@@ -128,7 +128,7 @@ class REST:
         url: URL = URL(base_url + "/" + version + path)
         headers = {"Content-type": "application/json"}
         if self._auth_token is not None and self._auth_token != "no_token":
-            headers[self.config.auth_header] = self._auth_token
+            headers[self.config.auth_header] = f"Bearer {self._auth_token}"
         opts = {
             "headers": headers,
             # Since we allow users to set endpoint URL via env var,

ingestion/src/metadata/ingestion/ometa/ometa_api.py

@@ -138,7 +138,7 @@ class OpenMetadata(
         client_config: ClientConfig = ClientConfig(
             base_url=self.config.api_endpoint,
             api_version=self.config.api_version,
-            auth_header="X-Catalog-Source",
+            auth_header="Authorization",
             auth_token=self._auth_provider.auth_token(),
         )
         self.client = REST(client_config)

ingestion/src/metadata/ingestion/ometa/openmetadata_rest.py

@@ -100,7 +100,7 @@ class MetadataServerConfig(ConfigModel):
     domain: str = None
     email: str = None
     audience: str = "https://www.googleapis.com/oauth2/v4/token"
-    auth_header: str = "X-Catalog-Source"
+    auth_header: str = "Authorization"
 
 
 class NoOpAuthenticationProvider(AuthenticationProvider):

openmetadata-ui/src/main/resources/ui/src/axiosAPIs/index.js

@@ -26,7 +26,7 @@ const axiosClient = axios.create({
 axiosClient.interceptors.request.use(function (config) {
   const token = cookieStorage.getItem(oidcTokenKey);
   if (token) {
-    config.headers['X-Catalog-Source'] = token;
+    config.headers['Authorization'] = `Bearer ${token}`;
   }
 
   return config;