deal with Authorization headers without blank

closes #473

Signed-off-by: Stefan Bodewig <[email protected]>

Author: bodewig

ChangeLog

@@ -1,4 +1,9 @@
-03/02/2023
+03/10/2023
+- when looking for a bearer token an exception occured if the
+  Authorization header didn't contain any space character;
+  see #473
+
+02/03/2023
 - release 1.7.6-3 of luarock pinning lua-resty-session dependency to
   not go beyond 3.1ß
 

lib/resty/openidc.lua

@@ -1651,7 +1651,7 @@ local function openidc_get_bearer_access_token(opts)
   end
 
   local divider = header:find(' ')
-  if divider == 0 or string.lower(header:sub(0, divider - 1)) ~= string.lower("Bearer") then
+  if divider == nil or divider == 0 or string.lower(header:sub(0, divider - 1)) ~= string.lower("Bearer") then
     err = "no Bearer authorization header value found"
     log(ERROR, err)
     return nil, err