Basic authorization and Bearer authorization can’t be used simultaneously.

2 min readJul 10, 2021

I spent four days solving a problem. Of course, I lacked of knowledge about authorizations, but this was very tricky, so I’m going to write down the problem and the solution.

The problem

I was developing an application using Oauth authorization. The libraries were omniauth-oauth2 and doorkeeper.

omniauth/omniauth-oauth2

This gem contains a generic OAuth2 strategy for OmniAuth. It is meant to serve as a building block strategy for other…

github.com

doorkeeper-gem/doorkeeper

Doorkeeper is a gem (Rails engine) that makes it easy to introduce OAuth 2 provider functionality to your Ruby on Rails…

github.com

I managed to finish it up on the development environment, and I merged it to the staging environment. However, it didn’t work well. The logger showed me the error “invalid credential”. When I saw the error, I first thought about the possibility that my codes were wrong , but if my codes were wrong, the development environment wouldn’t work either. I looked for the cause such as “sessions were deleted?”, “libraries had bugs?(sorry)”, and “environment variables were mistaken?” However, they were not the answer.

The answer

As I wrote in the title of this article, different authorizations can’t be used at the same time. In Oauth2 authorizations, bearer authorization is used by default, while on my staging environment, basic authorization was used. I tried removing the basic authorization from the staging, and Oauth authorization passed! That was the cause…

Wrap up

This problem was so tough that I truly don’t want to experience problems like this. If you face similar problems in the future, please remember this article.