Trim PAT token and reject internal whitespace with a coded error#183
Draft
parthban-db wants to merge 1 commit into
Draft
Trim PAT token and reject internal whitespace with a coded error#183parthban-db wants to merge 1 commit into
parthban-db wants to merge 1 commit into
Conversation
|
Please ensure that the NEXT_CHANGELOG.md file is updated with any relevant changes. |
1 similar comment
|
Please ensure that the NEXT_CHANGELOG.md file is updated with any relevant changes. |
parthban-db
force-pushed
the
parthban-db/stack/bugbash-bug7-pat-trim
branch
from
8977991 to
15486da
Compare
parthban-db
changed the base branch from
main
to
parthban-db/stack/bugbash-bug12-pat-error
parthban-db
force-pushed
the
parthban-db/stack/bugbash-bug12-pat-error
branch
from
b1275df to
3fdf1e6
Compare
parthban-db
force-pushed
the
parthban-db/stack/bugbash-bug7-pat-trim
branch
from
15486da to
6f8e509
Compare
Base automatically changed from
parthban-db/stack/bugbash-bug12-pat-error
to
main
June 4, 2026 12:56
`newPatCredentials` now trims surrounding whitespace from the token before validating, so a value with a trailing newline (e.g. read from a file or env var) produces a valid `Authorization` header. A token containing internal whitespace now throws `PatCredentialsError` with code `TOKEN_MALFORMED` instead of silently building a malformed `Bearer` header. Co-authored-by: Isaac
parthban-db
force-pushed
the
parthban-db/stack/bugbash-bug7-pat-trim
branch
from
6f8e509 to
3fe7378
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
🥞 Stacked PR
Use this link to review incremental changes.
Summary
newPatCredentialsnow trims surrounding whitespace from the token and rejects tokens containing internal whitespace. A token read with a trailing newline (e.g.$(cat token)) now produces a cleanBearer <token>header instead of a malformed one.Why
Previously
newPatCredentialsonly checkedtoken === ''and interpolated the raw value straight into the header, so a token with a trailing newline silently producedBearer dapiABC\nand the server rejected the request with an opaque auth failure. Trimming fixes the common newline case, and an explicit check turns the genuinely broken case (whitespace inside the token) into a fast, actionable error instead of a confusing server-side rejection.What changed
Bearerheader.PatCredentialsError('TOKEN_REQUIRED').PatCredentialsError('TOKEN_MALFORMED').PatCredentialsErrorintroduced in [auth] Throw exported, coded PatCredentialsError from PAT credentials #186 (this branch adds theTOKEN_MALFORMEDpath and the trim logic).packages/auth/tests/credentials/pat.test.ts.config/auth_pat.go), which neither trims nor validates whitespace; the JS SDK surfaces the malformed-header failure to callers, so trimming plus a coded error is more useful here.Validated:
npm run build,npm test,npm run test:browser,npm run typecheck, andnpm run lintfor@databricks/sdk-authall pass.