You can use example below to validate bearer authorization header in Golang requests.


Validator


package validator

import (
"strings"
)

// BearerAuthHeader validates incoming `r.Header.Get("Authorization")` header
// and returns token otherwise an empty string.
func BearerAuthHeader(authHeader string) string {
if authHeader == "" {
return ""
}

parts := strings.Split(authHeader, "Bearer")
if len(parts) != 2 {
return ""
}

token := strings.TrimSpace(parts[1])
if len(token) < 1 {
return ""
}

return token
}

Test


package validator

import "testing"

func TestBearerAuthHeader(t *testing.T) {
tests := []struct{
name string
auth string
token string
}{
{
"EmptyInput",
"",
"",
},
{
"EmptyStringInput",
" ",
"",
},
{
"BearerWithoutToken",
"Bearer",
"",
},
{
"BearerPrefixWithEmptyStringToken",
"Bearer ",
"",
},
{
"WrongPrefixWithToken",
"Basic token",
"",
},
{
"WrongBearerPrefixCaseWithToken",
"BEARER token",
"",
},
{
"BearerPrefixWithNextLineToken",
"Bearer \n",
"",
},
{
"BearerPrefixWithTabToken",
"Bearer \t",
"",
},
{
"IncorrectlySpacedValidRequest",
" Bearer token ",
"token",
},
{
"CorrectlySpacedValidRequest",
"Bearer token",
"token",
},
}

for _, c := range tests {
t.Run(c.name, func(t *testing.T) {
token := BearerAuthHeader(c.auth)

if c.token != token {
t.Fatal("expected", c.token, "but got", token)
}
})
}
}

=== RUN   TestBearerAuthHeader
=== RUN TestBearerAuthHeader/EmptyInput
=== RUN TestBearerAuthHeader/EmptyStringInput
=== RUN TestBearerAuthHeader/BearerWithoutToken
=== RUN TestBearerAuthHeader/BearerPrefixWithEmptyStringToken
=== RUN TestBearerAuthHeader/WrongPrefixWithToken
=== RUN TestBearerAuthHeader/WrongBearerPrefixCaseWithToken
=== RUN TestBearerAuthHeader/BearerPrefixWithNextLineToken
=== RUN TestBearerAuthHeader/BearerPrefixWithTabToken
=== RUN TestBearerAuthHeader/IncorrectlySpacedValidRequest
=== RUN TestBearerAuthHeader/CorrectlySpacedValidRequest
--- PASS: TestBearerAuthHeader (0.00s)
--- PASS: TestBearerAuthHeader/EmptyInput (0.00s)
--- PASS: TestBearerAuthHeader/EmptyStringInput (0.00s)
--- PASS: TestBearerAuthHeader/BearerWithoutToken (0.00s)
--- PASS: TestBearerAuthHeader/BearerPrefixWithEmptyStringToken (0.00s)
--- PASS: TestBearerAuthHeader/WrongPrefixWithToken (0.00s)
--- PASS: TestBearerAuthHeader/WrongBearerPrefixCaseWithToken (0.00s)
--- PASS: TestBearerAuthHeader/BearerPrefixWithNextLineToken (0.00s)
--- PASS: TestBearerAuthHeader/BearerPrefixWithTabToken (0.00s)
--- PASS: TestBearerAuthHeader/IncorrectlySpacedValidRequest (0.00s)
--- PASS: TestBearerAuthHeader/CorrectlySpacedValidRequest (0.00s)
PASS
ok internal/pkg/validator 0.008s