Skip to content

Cloud PDP returns 401 due to lowercase "bearer" in Authorization header #122

Open
#123
Open
Cloud PDP returns 401 due to lowercase "bearer" in Authorization header#122
#123
@SureneruS

Description

@SureneruS
SureneruS
opened on Dec 31, 2025

Description

The SDK uses lowercase bearer in the Authorization header, but the Cloud PDP (https://cloudpdp.api.permit.io) requires uppercase Bearer per RFC 6750.

Location

https://github.com/permitio/permit-python/blob/main/permit/enforcement/enforcer.py#L47

self._headers = {
"Content-Type": "application/json",
"Authorization": f"bearer {self._config.token}", # Should be "Bearer"
}

Steps to Reproduce

  1. Use permit SDK v2.8.3 with Cloud PDP
  2. Call permit.check() with valid API key
  3. Get PermitConnectionError: Permit SDK got unexpected status code: 401

Evidence

Lowercase bearer fails:

curl -X POST https://cloudpdp.api.permit.io/allowed
-H "Authorization: bearer permit_key_xxx"
-H "Content-Type: application/json"
-d '{"user": {"key": "test"}, "action": "view", "resource": {"type": "Resource"}}'

Returns: {"message":"Unauthorized"}

Uppercase Bearer works:

curl -X POST https://cloudpdp.api.permit.io/allowed
-H "Authorization: Bearer permit_key_xxx"
-H "Content-Type: application/json"
-d '{"user": {"key": "test"}, "action": "view", "resource": {"type": "Resource"}}'

Returns: {"allow": true, ...}

Fix

Change line 47 in permit/enforcement/enforcer.py:

"Authorization": f"Bearer {self._config.token}",

Environment

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions