📚 doc: Key Value Expectation Notice (KeyAuth Middleware)

[ha-sante]

Description

1. Extractor: extractors.FromAuthHeader("Bearer") expects a specific type of key value.
2. it un-noted leading to situations where the the Validator is skipped entirely in the key.
3. The error handler is not clear on this as well.

This fix adds a little note stating the expectations with a link to the RFC docs on it - so readers can easily see where to go.

I spent some minutes trying to debug - my hope is others dont because of it.

Fixes # (issue)

Changes introduced

• Documentation Update: Added this little note:
• FromAuthHeader expects a complaint RFC 7235 Token68-,token68,-%3D%201*(%20ALPHA%20/%20DIGIT) key value.

Type of change

• Documentation update (changes to documentation)

Checklist

Before you submit your pull request, please make sure you meet these requirements:

• Updated the documentation in the /docs/ directory for Fiber's documentation.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 5a7f40fd-6f4d-49cc-8642-a44853f22022

📥 Commits

Reviewing files that changed from the base of the PR and between 4d84485 and 6cca530.

📒 Files selected for processing (1)

• docs/middleware/keyauth.md

✅ Files skipped from review due to trivial changes (1)

• docs/middleware/keyauth.md

---

Walkthrough

Added a one-line documentation clarification to KeyAuth middleware docs: FromAuthHeader expects an RFC 7235 token68 Authorization header. No code, API, or control-flow changes were made.

Changes

Cohort / File(s)	Summary
KeyAuth Documentation docs/middleware/keyauth.md	Inserted one clarifying sentence that FromAuthHeader expects an RFC 7235 token68 Authorization header (token68 form). No code or behavioral changes.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~1 minute

Possibly related PRs

• docs: note removal of context keys #3707: Doc note directly related to keyauth.FromAuthHeader extractor behavior.
• 🧹 chore: Improve KeyAuth middleware RFC compliance #3742: Related implementation/clarification of strict RFC 7235 token68 validation for FromAuthHeader.
• 🧹 chore: Enhance KeyAuth middleware to better comply with RFC 6750 #3482: Related changes to Authorization header parsing and KeyAuth extractor behavior.

Suggested reviewers

• sixcolors
• ReneWerner87
• efectn

Poem

🐰 A tiny hop in docs so bright,
Token68 now spelled just right.
No code stirred, just words in line,
Authorization tidy and fine.
Hops and carrots — docs divine! 🥕✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title mentions 'Key Value Expectation Notice' and 'KeyAuth Middleware', which aligns with the documentation update about token format expectations.
Description check	✅ Passed	The PR description explains the problem, documents the specific change (RFC 7235 Token68 compliance requirement), and checks the 'Documentation update' type box appropriately.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[gemini-code-assist]

Code Review

This pull request updates the keyauth.md documentation to clarify that the FromAuthHeader extractor expects an RFC 7235 Token68 compliant key value. A review comment identified a typo ('complaint' instead of 'compliant') and suggested formatting the function name with backticks for consistency.

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

docs/middleware/keyauth.md (1)

172-172: Consider adding the failure-mode note called out in the PR objective.

Right now this line states the format requirement, but not the consequence. Add a brief follow-up sentence that non-token68 values may bypass Validator and yield a less clear error response.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@docs/middleware/keyauth.md` at line 172, The docs state FromAuthHeader
expects an RFC7235 Token68 value but don't describe the failure mode; update the
sentence after the token68 description to note that non-token68 values can
bypass the Validator (FromAuthHeader) and result in a less clear or different
error response, e.g., explicitly mention that values not matching token68 may
not be validated and can produce ambiguous errors from Validator or downstream
handlers.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@docs/middleware/keyauth.md`:
- Line 172: Fix the typo and malformed RFC link in the docs: change "complaint"
to "compliant" in the sentence that references FromAuthHeader, and replace the
broken URL with a stable RFC7235 section anchor (e.g. use the RFC7235 link with
`#section-2.1` or another correct section anchor that points to token68) so the
phrase reads "FromAuthHeader expects a compliant RFC 7235 token68 key value."
Reference the FromAuthHeader mention to locate the sentence.

---

Nitpick comments:
In `@docs/middleware/keyauth.md`:
- Line 172: The docs state FromAuthHeader expects an RFC7235 Token68 value but
don't describe the failure mode; update the sentence after the token68
description to note that non-token68 values can bypass the Validator
(FromAuthHeader) and result in a less clear or different error response, e.g.,
explicitly mention that values not matching token68 may not be validated and can
produce ambiguous errors from Validator or downstream handlers.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: ba84190b-f883-4bcc-a749-41415484ae8a

📥 Commits

Reviewing files that changed from the base of the PR and between bf952a1 and ac326f3.

📒 Files selected for processing (1)

• docs/middleware/keyauth.md

[ha-sante]

fix - complaint to compliant word.

[Copilot]

Pull request overview

Updates the KeyAuth middleware documentation to clarify what format FromAuthHeader("Bearer") expects for the extracted key value, and provides an RFC reference to reduce debugging friction.

Changes:

• Added a documentation note that FromAuthHeader expects an RFC 7235 token68-style value.
• Linked to the relevant RFC content for quick reference.

[welcome]

Congrats on merging your first pull request! 🎉 We here at Fiber are proud of you! If you need help or want to chat with us, join us on Discord https://gofiber.io/discord