From 2da758ac863ec83bb9a177adb634972f026bbd80 Mon Sep 17 00:00:00 2001
From: Pedro Igor
Date: Fri, 28 Sep 2018 12:44:13 -0300
Subject: [PATCH] [KEYCLOAK-6928] - Selecting first bearer if multiple values exists in authorization header
---
 .../adapters/BearerTokenRequestAuthenticator.java | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/BearerTokenRequestAuthenticator.java b/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/BearerTokenRequestAuthenticator.java
index eeda3e3429..8e472ae080 100755
--- a/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/BearerTokenRequestAuthenticator.java
+++ b/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/BearerTokenRequestAuthenticator.java
@@ -72,8 +72,13 @@ public class BearerTokenRequestAuthenticator {
 for (String authHeader : authHeaders) {
 String[] split = authHeader.trim().split("\\s+");
 if (split == null || split.length != 2) continue;
- if (!split[0].equalsIgnoreCase("Bearer")) continue;
- tokenString = split[1];
+ if (split[0].equalsIgnoreCase("Bearer")) {
+ tokenString = split[1];
+ if (log.isDebugEnabled()) {
+ log.debugf("Found [%s] values in authorization header, selecting the first value for Bearer.", authHeaders.size());
+ }
+ break;
+ };
 }
 if (tokenString == null) {
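Review bot: The debug message inside the new `if (split[0].equalsIgnoreCase("Bearer"))` branch is emitted for every request that carries a Bearer token, including the normal case of a single Authorization value, so it cannot be used to spot requests that actually carried several values. A request with more than one Authorization value is ambiguous, and a proxy or gateway in front of the adapter may have evaluated a different value than the first one chosen here, so that case deserves a visible record: `if (authHeaders.size() > 1) log.warnf("Found [%s] values in authorization header, selecting the first value for Bearer.", authHeaders.size());`. If no deployed client depends on sending several values, failing the request instead of picking one would be the stricter choice. The stray `;` after the closing brace (`};`) is an empty statement and can be dropped. The enclosing method starts and ends outside the hunk.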