Add Default Header causing duplicates

[Andrew Lowe]

I've just updated RestSharp from 106.5.4 to 106.6.10 on a project and it's started duplicating the Authorization header.

My code has been:

client.AddDefaultHeader("Authorization","Bearer [TOKEN]");

Since upgrading on calling 

var response = client.Execute<List<Vendor>>(request)

the API endpoint is returing unauthorized error codes and apon inspection I can see two Authorization headers in the client.DefaultParameters.

client.AllowMultipleDefaultParametersWithSameName is the default, and I can confirm it is false.

updating the code to Add the Authorization header to:

while(client.DefaultParameters.Any(p=>p.Name=="Authorization"))

  client.DefaultParameters.Remove(client.DefaultParameters.First(p => p.Name == "Authorization"));

client.AddDefaultHeader("Authorization", "Bearer [TOKEN]");

corrects the issue.

I was going to submit an issue on the GitHub tracker, but it suggested to discuss on this group first.

I'm happy to answer anything further on the issue.

Thanks,

Andrew

[Alexey Zimarev]

I would suggest using the Jwb Authenticator. We have it out of the box. In 106.9 it also supports updating the token. It takes care of adding or updating the parameter, so there will be no duplicates.

Adding parameters even if a parameter with the same name already exists is intentional. We didn't support that before, but some people have this requirement.

Also, you can use the new method AddOrUpdateDefaultParameter.

[Andrew Lowe]

Thanks for the info, it is good to know the expected behaviour. It's interesting that the AddDefaultParameter was replacing in the earlier release.

Unfortunately I cannot use the JWT Authenticator, as the service I am working with is a little non-standard. The code I am using is working well, and I will look at migrating to the AddOrUpdateDefaultParameter method on the next change.

Thanks again,

Andrew

[Alexey Zimarev]

If you look at the JwtAuthenticator code, it does nothing more than adding the same header as you do. It's basically two lines of code.

[Andrew Lowe]

Thanks, but my authenticator does basic token management as well as the token expires after a few hours or days.

If token is null or expired

Request new token using application/user/password against another server

Add token to request headers for api usage

The add auth header part is very similar to the JwtAuthenticator (https://github.com/restsharp/RestSharp/blob/master/src/RestSharp/Authenticators/JwtAuthenticator.cs) but it's the token management before that requires the custom code.

I've thought of moving the token management outside of the Authenticator (application initialisation), however, the token request is a little slow, so the token is saved between sessions and only requested as it expires. It can expire while the code is running.

The application in question synchronises data from a hosted application and a local database with no user interaction.

Thanks again.