Background: I have an API that previously running behind VPN. The API it self implement JWT Authentication for some path, so we have to attach:
Authorization: Bearer <jwt_token xxxx>
We just update our API to run behind Google Identity Aware Proxy and we follow the official documentation here. Everything working perfectly except for every path that need the JWT Authentication. The IAP mechanism also use:
Authorization: Bearer xxxx
And will overide the existing Authentication: header. Any suggestions without changing the existing code?
Thank you.
As suggested by John, you can use two separate headers for the tokens.
If you encounter this error, you can report it via Public Issue Tracker.
There is also a similar case being tracked here which you may find helpful.