Hi Andy,
Thank you for reporting this behavior. Your observation is an accurate description of the current behavior around the Personal Access Token authentication type.
Your first observation, that you can make a connection using your token (without the “Bearer” prefix), but then subsequent requests will fail with a 401 response is behavior that we are actively working to improve. The underlying reason this is happening is that we do not have an endpoint to test the connection against before you make a direct request, so we have no way of knowing if the connection is valid. This is the case for authentication types that rely on request authentication patterns like Basic, API Key, Personal Access Token and Custom. OAuth related authentication types will be able to confirm successful authentication based on the token generation process.
You did discover the solution to getting a 401 response issue, which is to manually enter the Bearer prefix before entering your token during the connection creation process, but we understand that this is not an ideal solution.
Moving forward, our plan is two-fold
- Ask the user for an endpoint to test their connection against. We would then ping this endpoint and analyze the response to make sure that the connection is valid and then subsequently ping the endpoint after connection to ensure continued validity.
- Add the ability to specify a token prefix that can automatically injected before the token. This would mean that during the authentication setup, you could specify “Bearer” (or another prefix as needed by the provider) that would be injected before the provided token. Users would only have to add their token during the connection creation process.
I’d be interested in hearing your feedback on if this plan would suffice for your use case?