fix: auth token base64 fallback and CiString case preservation#9
Merged
alfonsosastre merged 4 commits intoFeb 11, 2026
Merged
Conversation
- Make base64 token decoding resilient: catch all decode errors and fall back to raw token instead of raising AuthorizationOCPIError. This allows development setups to use plain-text tokens with OCPI 2.2+ endpoints. - Preserve original case in CiString instead of forcing lower/upper. CiString means case-insensitive comparison, not mutation. Forcing case destroyed identifiers like OCPP charge point IDs. - Change CI_STRING_LOWERCASE_PREFERENCE default to false (preserve case by default). - Add try/except in get_auth_token() for decode_string_base64 to gracefully handle non-base64 tokens. Co-authored-by: Cursor <cursoragent@cursor.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
…(OCPI 2.2.1) - Auth: fallback to raw token when base64 decode fails (dev/integration) - CiString: preserve original case (OCPP IDs like K0032832A) - Remove auth_id from Session/CDR v2.2.1 (replaced by CdrToken per spec) - Remove CI_STRING_LOWERCASE_PREFERENCE (dead config) - Narrow exception handling to (UnicodeDecodeError, ValueError) - Add tests for plain-text fallback and CiString case preservation Co-authored-by: Cursor <cursoragent@cursor.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
AuthorizationVerifier,CredentialsAuthorizationVerifier,HttpPushVerifier,WSPushVerifier) now catch all exceptions fromdecode_string_base64and fall back to the raw token instead of raisingAuthorizationOCPIError. This allows plain-text tokens to work with OCPI 2.2+ endpoints (useful for development and integrations that don't base64-encode their tokens).CiStringno longer forces values to lowercase or uppercase. The OCPI spec defines CiString as case-insensitive comparison, not case mutation. Forcing case was breaking identifiers like OCPP charge point IDs (e.g.,K0032832Abecamek0032832a).get_auth_token()fallback: Addedtry/exceptarounddecode_string_base64so callers get the raw token back if decoding fails, instead of an unhandled exception.CI_STRING_LOWERCASE_PREFERENCE: Changed fromTruetoFalseto preserve case by default.Context
These issues were discovered during end-to-end testing of the OCPI DirectPayment flow (Payter integration) with
elu-ocpiandelu-charge. The CiString case mutation caused EVSE/location ID mismatches, and the strict base64 decoding blocked authentication with plain-text dev tokens.Test plan
CI_STRING_LOWERCASE_PREFERENCE=trueenv var restores old behavior if neededMade with Cursor