I’m implementing a macOS Platform SSO extension using ASAuthorizationProviderExtensionAuthorizationRequest.
In beginAuthorization, I intercept an OAuth authorize request and call:
request.complete(httpAuthorizationHeaders: [
"x-psso-attestation": signedJWT
])
I also tested:
request.complete(httpAuthorizationHeaders: [
"Authorization": "Bearer test-value"
])
From extension logs, I can confirm the request is intercepted correctly and the header dictionary passed into complete(httpAuthorizationHeaders:) contains the expected values.
However:
the header is not visible in browser devtools the header does not appear at the server / reverse proxy
So the question is:
-
Does complete(httpAuthorizationHeaders:) support arbitrary custom headers, or only a restricted set of authorization-related headers ? Is there something that I might be missing ?
-
And if custom headers are not supported, is there any supported way for a Platform SSO extension to attach a normal HTTP header to the continued outbound request ?