feat(handlers): authorization header switch via query param to /api/verify (#1563)

* [FEATURE] Add auth query param to /api/verify (#1353)

When `/api/verify` is called with `?auth=basic`, use the standard
Authorization header instead of Proxy-Authorization.

* [FIX] Better basic auth error reporting

* [FIX] Return 401 when using basic auth instead of redirecting

* [TESTS] Add tests for auth=basic query param

* [DOCS] Mention auth=basic argument and provide nginx example

* docs: add/adjust basic auth query arg docs for proxies

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>

1 files changed, 5 insertions, 2 deletions

diff --git a/internal/handlers/const.go b/internal/handlers/const.go
index faed58997..c3f3701ea 100644
--- a/internal/handlers/const.go
+++ b/internal/handlers/const.go
@@ -11,8 +11,11 @@ const ResetPasswordAction = "ResetPassword"
 
 const authPrefix = "Basic "
 
-// AuthorizationHeader is the basic-auth HTTP header Authelia utilises.
-const AuthorizationHeader = "Proxy-Authorization"
+// ProxyAuthorizationHeader is the basic-auth HTTP header Authelia utilises.
+const ProxyAuthorizationHeader = "Proxy-Authorization"
+
+// AuthorizationHeader is the basic-auth HTTP header Authelia utilises with "auth=basic" query param.
+const AuthorizationHeader = "Authorization"
 
 // SessionUsernameHeader is used as additional protection to validate a user for things like pam_exec.
 const SessionUsernameHeader = "Session-Username"