Bearer auth scheme is lowercase in request header #2109

Closed
timovv opened this issue Nov 9, 2023 · 7 comments · Fixed by #2576

timovv commented Nov 9, 2023

When making a request to the OpenAI API using the unbranded SDK with this code, authorization fails:

const client = new OpenAIClient({ key: process.env.OPENAI_API_KEY ?? "" });

try {
  const result = await client.chat.completions.create({
    model: "gpt-3.5-turbo",
    messages: [
      {
        role: "user",
        content: "Say this is a test",
      },
    ],
    temperature: 0.7,
  });
  console.log(result);
} catch (e) {
  console.error(e);
}

Expected behavior

With a valid API key, authorization succeeds because the Authorization header has value Bearer <access-token>.

Actual behavior

Authorization fails due to the word "bearer" being lower case in the request: Authorization: bearer <access-token>.


timovv commented Nov 9, 2023

This can be worked around in the TypeSpec by using

@useAuth({
  type: AuthType.http,
  scheme: "Bearer",
})

instead of @useAuth(BearerAuth), but we should support BearerAuth anyway.

timovv changed the title from "[unbranded] Bearer auth scheme is lowercase in request header" to "Bearer auth scheme is lowercase in request header" on Nov 10, 2023
MaryGao self-assigned this on Nov 10, 2023

MaryGao commented Nov 10, 2023

I notice that this is introduced by the BearerAuth definition in typespec. I notice that the RFC didn't mention whether this should be case sensitive or not, but typically it would be Bearer.

@doc("")
model BearerAuth {
  @doc("Http authentication")
  type: AuthType.http;

  @doc("bearer auth scheme")
  scheme: "bearer";
}

@timotheeguerin could we fix in typespec http lib?

@archerzz

According to the RFC:

Unless otherwise noted, all the protocol parameter names and values
are case sensitive.

We should fix in tsp.

@timotheeguerin

The value in openapi also is lower case so I think this should be the emitter understanding the known values
https://swagger.io/docs/specification/authentication/bearer-authentication/

Swagger UI understands all cases and sends Bearer.

We have just kept the authentication in line with openapi3. We should discuss if we want to change and/or clarify the intent of that value, but this is not a bug in typespec http right now.


archerzz commented Nov 13, 2023

Looks like scheme in openapi is always lower case, but the real header value sent is not. Here is another example: Basic authentication.
Maybe we can do a mapping somewhere in TCGC to cover all those cases?
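
The mapping suggested in the comment above, sketched as an added example that is not part of the thread and not code from TypeSpec, TCGC or any emitter: the spec keeps its lowercase scheme name, the client maps it to the conventional header spelling when building the request, and the receiving side compares the scheme case-insensitively, which is how RFC 9110 defines auth schemes. All names (`CANONICAL_SCHEMES`, `buildAuthorization`, `parseAuthorization`) are hypothetical.

```typescript
// Added example. All names here are hypothetical; none come from TypeSpec or TCGC.

// RFC 9110 "token" characters, the grammar of an auth-scheme name.
const TOKEN = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/;

// Spec-level (lowercase) scheme name -> spelling conventionally sent on the wire.
// A Map, not an object literal, so a name like "constructor" cannot hit a prototype key.
const CANONICAL_SCHEMES = new Map<string, string>([
  ["bearer", "Bearer"],
  ["basic", "Basic"],
]);

// Client side: build the Authorization header value from the scheme in the spec.
function buildAuthorization(specScheme: string, credentials: string): string {
  if (!TOKEN.test(specScheme)) {
    throw new Error("auth scheme is not a valid HTTP token");
  }
  // Refuse empty values and control characters (CR/LF would split the header).
  if (credentials.length === 0 || /[\x00-\x1f\x7f]/.test(credentials)) {
    throw new Error("credentials are empty or contain control characters");
  }
  // Unknown schemes keep the casing the spec author wrote.
  const scheme = CANONICAL_SCHEMES.get(specScheme.toLowerCase()) ?? specScheme;
  return `${scheme} ${credentials}`;
}

interface ParsedAuthorization {
  scheme: string; // lowercased for comparison
  credentials: string;
}

// Receiving side: split the header and normalise the scheme before comparing,
// so "bearer", "Bearer" and "BEARER" are all treated as the same scheme.
function parseAuthorization(header: string): ParsedAuthorization | null {
  const match = /^([!#$%&'*+\-.^_`|~0-9A-Za-z]+) +(\S.*)$/.exec(header);
  if (match === null) return null;
  return { scheme: (match[1] ?? "").toLowerCase(), credentials: match[2] ?? "" };
}
```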


MaryGao commented Nov 13, 2023

Laurrent has a PR for this and I have a small concern, so I commented here: microsoft/typespec#2639 (comment).


MaryGao commented Nov 16, 2023

pending on this issue microsoft/typespec#2672
