Hi all,
we have had the following configuration which has worked prior to Summer '21:

#1: External Services schema JSON:

{
  "swagger": "2.0",
  "info": {
    "title": "title",
    "description": "API for host",
    "version": "0.0.1"
  },
  "securityDefinitions": {
    "JWT": {
      "type": "apiKey",
      "in": "header",
      "name": "Authorization"
    }
  },
  "security": [
    {
      "JWT": []
    }
  ],
  "tags": [
    {
      "name": "V1",
      "description": "Operations about V1"
    }
  ],
  "host": "hostName",
  "schemes": [
    "https"
  ],
  "paths": {
    "/graphql": {
      "post": {
        "tags": [
          "V1"
        ],
        "description": "Graphql post",
        "operationId": "graphqlPost",
        "consumes": [
          "application/json"
        ],
        "produces": [
          "application/json"
        ],
        "parameters": [
          {
            "name": "Authorization",
            "in": "header",
            "description": "Authorization",
            "required": true,
            "type": "string"
          },
          {
            "name": "BodyModel",
            "in": "body",
            "description": "BodyModel",
            "required": true,
            "schema": {
              "type": "string"
            }
          }
        ],
        "responses": {
          "200": {
            "description": "OK",
            "schema": {
              "type": "string"
            }
          }
        },
        "security": []
      }
    }
  },
  "definitions": {}
}

#2: Basic Named Credentials which have "Authentication Protocol" as "No Authentication"

#3 Flow which utilizes the #1 and #2 so it can make some API requests with Authorization: Bearer <api key> in the header and some JSON body.

After Summer '21, without anything being changed on the above 3 points, API requests started failing.

We have debugged and figured out that Flow will not send the Authorization header anymore (although it shows in the flow debug log that it is there). Headers named other than "Authorization" will pass.

I can not find anything in the release notes pointing me to the exact change and required adaptations in order for this to work again.

Does anyone know what change should External Service JSON maybe have in order for Auth header to be compatible with Summer '21 changes?

Thanks

Hi all,
we have had the following configuration which has worked prior to Summer '21:

#1: External Services schema JSON:

{
  "swagger": "2.0",
  "info": {
    "title": "title",
    "description": "API for host",
    "version": "0.0.1"
  },
  "securityDefinitions": {
    "JWT": {
      "type": "apiKey",
      "in": "header",
      "name": "Authorization"
    }
  },
  "security": [
    {
      "JWT": []
    }
  ],
  "tags": [
    {
      "name": "V1",
      "description": "Operations about V1"
    }
  ],
  "host": "hostName",
  "schemes": [
    "https"
  ],
  "paths": {
    "/graphql": {
      "post": {
        "tags": [
          "V1"
        ],
        "description": "Graphql post",
        "operationId": "graphqlPost",
        "consumes": [
          "application/json"
        ],
        "produces": [
          "application/json"
        ],
        "parameters": [
          {
            "name": "Authorization",
            "in": "header",
            "description": "Authorization",
            "required": true,
            "type": "string"
          },
          {
            "name": "BodyModel",
            "in": "body",
            "description": "BodyModel",
            "required": true,
            "schema": {
              "type": "string"
            }
          }
        ],
        "responses": {
          "200": {
            "description": "OK",
            "schema": {
              "type": "string"
            }
          }
        },
        "security": []
      }
    }
  },
  "definitions": {}
}

#2: Basic Named Credentials which have "Authentication Protocol" as "No Authentication"

#3 Flow which utilizes the #1 and #2 so it can make some API requests with Authorization: Bearer <api key> in the header and some JSON body.

After Summer '21, without anything being changed on the above 3 points, API requests started failing.

We have debugged and figured out that Flow will not send the Authorization header anymore (although it shows in the flow debug log that it is there). Headers named other than "Authorization" will pass.

I can not find anything in the release notes pointing me to the exact change and required adaptations in order for this to work again.

Does anyone know what change should External Service JSON maybe have in order for Auth header to be compatible with Summer '21 changes?

Thanks