When using personal access tokens for Basic authentication against REST API endpoints, we notice that a token with one extra character added to the end is still considered valid.
When we add more than one character, the token is considered invalid and the IncorrectPasswordAuthenticationException is thrown.
- Create a personal access token.
- Call a REST API endpoint such as /rest/api/1.0/admin/users.
- Choose basic authentication via access token.
- At first, use the exact access token and make the call.
- Then, add one character to the end of that token and make the call again.
- Then, add one more character (so now we have two extra characters) and make the call again.
- Once the token is changed by adding one or more characters, we expect the authentication to fail.
- Adding one character does not affect the authentication, and the call succeeds.
- When more than one character is added, the call fails.
Currently, we don't have a workaround to apply in this case.
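The steps above can be turned into a repeatable regression check for an instance you administer. The following Python is an added example, not code from the report or the product; the function names, the appended pad character, the placeholder token and the use of a username with the token as the Basic password are assumptions.

```python
import base64
import urllib.error
import urllib.request

ENDPOINT = "/rest/api/1.0/admin/users"  # endpoint named in the report

def token_variants(token, pad="A"):
    """Exact token plus the two altered forms from the reproduction steps."""
    return {"exact": token, "plus_one": token + pad, "plus_two": token + pad * 2}

def basic_header(username, secret):
    """Authorization header value for Basic auth (token used as the password)."""
    raw = f"{username}:{secret}".encode()
    return "Basic " + base64.b64encode(raw).decode("ascii")

def http_status(base_url, username, secret):
    """Send one GET to ENDPOINT and return the HTTP status (needs a live server)."""
    req = urllib.request.Request(
        base_url.rstrip("/") + ENDPOINT,
        headers={"Authorization": basic_header(username, secret)},
    )
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code

def check_token_strictness(token, send):
    """send(secret) -> HTTP status. Returns (statuses, altered variants accepted)."""
    statuses = {name: send(s) for name, s in token_variants(token).items()}
    if not 200 <= statuses["exact"] < 300:
        raise RuntimeError(f"baseline call returned {statuses['exact']}")
    accepted = [n for n in ("plus_one", "plus_two") if 200 <= statuses[n] < 300]
    return statuses, accepted

if __name__ == "__main__":
    # Constructed stand-in for the server, mimicking the behaviour in the report:
    # the exact token and the token plus one character both authenticate.
    TOKEN = "PLACEHOLDER-TOKEN"
    def simulated(secret):
        return 200 if secret in (TOKEN, TOKEN + "A") else 401
    statuses, accepted = check_token_strictness(TOKEN, simulated)
    print(statuses)
    print("FAIL: accepted altered tokens:" if accepted else "PASS", accepted)
```

To run it against a real instance, pass `lambda s: http_status(base_url, username, s)` as `send`; an empty `accepted` list is the expected result once the token comparison is strict.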