Cloud PDP returns 401 due to lowercase "bearer" in Authorization header #122

@SureneruS

Description

The SDK uses lowercase bearer in the Authorization header, but the Cloud PDP (https://cloudpdp.api.permit.io) requires uppercase Bearer per RFC 6750.

Location

https://github.com/permitio/permit-python/blob/main/permit/enforcement/enforcer.py#L47

```python
self._headers = {
    "Content-Type": "application/json",
    "Authorization": f"bearer {self._config.token}",  # Should be "Bearer"
}
```

Steps to Reproduce

  1. Use permit SDK v2.8.3 with Cloud PDP
  2. Call permit.check() with valid API key
  3. Get PermitConnectionError: Permit SDK got unexpected status code: 401

Evidence

Lowercase bearer fails:

```bash
curl -X POST https://cloudpdp.api.permit.io/allowed \
  -H "Authorization: bearer permit_key_xxx" \
  -H "Content-Type: application/json" \
  -d '{"user": {"key": "test"}, "action": "view", "resource": {"type": "Resource"}}'
```

Returns: {"message":"Unauthorized"}

Uppercase Bearer works:

```bash
curl -X POST https://cloudpdp.api.permit.io/allowed \
  -H "Authorization: Bearer permit_key_xxx" \
  -H "Content-Type: application/json" \
  -d '{"user": {"key": "test"}, "action": "view", "resource": {"type": "Resource"}}'
```

Returns: {"allow": true, ...}

Fix

Change line 47 in permit/enforcement/enforcer.py:

```python
"Authorization": f"Bearer {self._config.token}",
```

Environment

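Added example, not code from the issue or from the Permit SDK: a sketch of both sides of the mismatch reported above, with a client that always emits the canonical `Bearer` spelling and a server-side parser that can compare the scheme either exactly or case-insensitively. The function names and the `strict_case` switch are hypothetical; the token character set is the b64token grammar from RFC 6750 section 2.1, and RFC 9110 section 11.1 defines authentication scheme names as case-insensitive.

```python
import re

# b64token grammar from RFC 6750 section 2.1
_B64TOKEN = re.compile(r"[A-Za-z0-9._~+/-]+=*")


def build_bearer_header(token: str) -> dict:
    """Client side: always emit the canonical "Bearer" spelling."""
    # fullmatch also rejects CR/LF, so a bad token cannot smuggle extra headers
    if not _B64TOKEN.fullmatch(token):
        raise ValueError("token is not a valid b64token")
    return {"Authorization": f"Bearer {token}"}


def parse_bearer(header_value, strict_case=False):
    """Server side: return the token, or None if the header is unusable.

    strict_case=True is an assumed model of a server that compares the scheme
    byte for byte; strict_case=False follows RFC 9110.
    """
    if not header_value:
        return None
    scheme, _, credentials = header_value.strip().partition(" ")
    credentials = credentials.strip()
    matches = scheme == "Bearer" if strict_case else scheme.lower() == "bearer"
    if not matches or not _B64TOKEN.fullmatch(credentials):
        return None
    return credentials


if __name__ == "__main__":
    # Constructed sample values; permit_key_xxx is the placeholder used in the issue
    for value in ("bearer permit_key_xxx", "Bearer permit_key_xxx", "Basic abc"):
        print(repr(value), parse_bearer(value, strict_case=True), parse_bearer(value))
```

A client that emits the canonical spelling works against either kind of server, which is why the one-line SDK change is enough regardless of how the remote side parses the scheme.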