Sign Up ›
  • Mo Hassan
  • NEWBIE
  • 0 Points
  • Member since 2021
  • Chatter
    Feed
  • 0
    Best Answers
  • 0
    Likes Received
  • 0
    Likes Given
  • 1
    Questions
  • 1
    Replies
1 replies

External service ignoring header authorization

Hi, 

We have registered an external service with a named credential which was working okay. Suddenly, without any change to the external service, or named credential it stopped working. 

It appears that external service call outs via a flow is ignoring the "Authorization" parameter in the header. 

Has there been any recent changes that would affect authorization via a header parameter in a REST API schema? 

Thanks
13 replies

Unable to include Authorization header from External Services schema JSON (via Flow)

Hi all,
we have had the following configuration which has worked prior to Summer '21:

#1: External Services schema JSON:

{
  "swagger": "2.0",
  "info": {
    "title": "title",
    "description": "API for host",
    "version": "0.0.1"
  },
  "securityDefinitions": {
    "JWT": {
      "type": "apiKey",
      "in": "header",
      "name": "Authorization"
    }
  },
  "security": [
    {
      "JWT": []
    }
  ],
  "tags": [
    {
      "name": "V1",
      "description": "Operations about V1"
    }
  ],
  "host": "hostName",
  "schemes": [
    "https"
  ],
  "paths": {
    "/graphql": {
      "post": {
        "tags": [
          "V1"
        ],
        "description": "Graphql post",
        "operationId": "graphqlPost",
        "consumes": [
          "application/json"
        ],
        "produces": [
          "application/json"
        ],
        "parameters": [
          {
            "name": "Authorization",
            "in": "header",
            "description": "Authorization",
            "required": true,
            "type": "string"
          },
          {
            "name": "BodyModel",
            "in": "body",
            "description": "BodyModel",
            "required": true,
            "schema": {
              "type": "string"
            }
          }
        ],
        "responses": {
          "200": {
            "description": "OK",
            "schema": {
              "type": "string"
            }
          }
        },
        "security": []
      }
    }
  },
  "definitions": {}
}

#2: Basic Named Credentials which have "Authentication Protocol" as "No Authentication"

#3 Flow which utilizes the #1 and #2 so it can make some API requests with Authorization: Bearer <api key> in the header and some JSON body.

 

After Summer '21, without anything being changed on the above 3 points, API requests started failing.

We have debugged and figured out that Flow will not send the Authorization header anymore (although it shows in the flow debug log that it is there). Headers named other than "Authorization" will pass.

I can not find anything in the release notes pointing me to the exact change and required adaptations in order for this to work again.

Does anyone know what change should External Service JSON maybe have in order for Auth header to be compatible with Summer '21 changes?

 

Thanks