Custom Authorization Headers appended to request

[sytabaresa]

Hello, I want to use the httpie oauth plugin with custom Authorization value appended to the auto-generated value; but when I execute the following:

$ http --auth-type=oauth1 --auth='client-key:client-secret' example.org 'Authorization: oauth_token="token" '

The custom value is ignored.
Why this happen?

Thanks for you support!

[hoylen]

When httpie or httpie-oauth adds its own "Authorization" header, it appears to simply ignore and removes all "Authorization" headers (regardless of what scheme they use). That is probably the wrong behaviour.

Fortunately, OAuth parameters can come from several parts of the request (see section 3.4.1.3.1 of RFC5849):

• The OAuth Authorization header (the most common);
• Query components of the URI; or
• the body when the Content-Type is "application/x-www-form-urlencoded".

So you can achieve the same result by either using query parameters:

$ http  ... http://example.org?oauth_token=token

Or encoded into the body:

$ http ... --form http://example.org oauth_token=token