Help Center

Improved

Fixed

Website

yaakapp

Needs Triage

Under Consideration

Backlog

Up Next

Needs Reproduction

In Progress

Pending Release

Released to Beta

Released

Closed

Won't Fix

Stale

Resolved

Troubleshooting

Question

Feature

Improvement

Accounts

Main Roadmap

Please include details such as OS, app version, reproduction steps, etc, when relevant

Submit Bugs, Improvements, Feature Requests, or General Feedback

Hey {name|there}! 👋

When using JWT authentication on a WebSocket request, the token is sent in a “token” header instead of the default “Authorization” header, despite the UI stating otherwise.Steps to reproduce:<ul><li>Run any WebSocket server on localhost:8000.</li><li>Create a new WebSocket request. Set URL to “ws://127.0.0.1:8000/”.</li><li>Select JWT Bearer authentication method.</li><li>Open Wireshark (since WebSockets don’t go through the configured proxy).</li><li>Send the request.</li><li>Observe the HTTP request in Wireshark with a “token” header, instead of the “Authorization” header, as implied by the UI.</li></ul>The “Header Name” field in Advanced JWT options shows “Authorization” but is actually sent as “token”. Interestingly, clearing that field and setting it again fixes the problem.The attached images show the request in Yaak, as well as its result in Wireshark.<img data-width="100%" data-align="left" alt="" data-featurebase-content-key="66d7e6a0faf4138b84c38452/post/6970c8377b5fc085c02c4126/019be08d-5eb3-72cb-bdc3-087365a22c08/b64u-MjAyNi0wMS0yMV8xMy0zNC01MF9XaXJlc2hhcmsucG5n.png" data-featurebase-content-filename="2026-01-21_13-34-50_Wireshark.png" src="https://66d7e6a0faf4138b84c38452.featurebase-attachments.com/c/post/6970c8377b5fc085c02c4126/019be08d-5eb3-72cb-bdc3-087365a22c08/b64u-MjAyNi0wMS0yMV8xMy0zNC01MF9XaXJlc2hhcmsucG5n.png?X-Amz-Expires=3600&amp;X-Amz-Date=20260621T060000Z&amp;X-Amz-Algorithm=AWS4-HMAC-SHA256&amp;X-Amz-Credential=DO801TYC4FCVNNEKURKM%2F20260621%2Ffra1%2Fs3%2Faws4_request&amp;X-Amz-SignedHeaders=host&amp;X-Amz-Signature=852bfc6fcbbace17fc0dd7682c680f2c6d5d14822f6faf8b37356f1d62f2d2ec"><img data-width="100%" data-align="left" alt="" data-featurebase-content-key="66d7e6a0faf4138b84c38452/post/6970c8377b5fc085c02c4126/019be08d-4dce-70f4-990e-fada22f62008/b64u-MjAyNi0wMS0yMV8xMy0zNC0yOV95YWFrLWFwcC5wbmc.png" data-featurebase-content-filename="2026-01-21_13-34-29_yaak-app.png" src="https://66d7e6a0faf4138b84c38452.featurebase-attachments.com/c/post/6970c8377b5fc085c02c4126/019be08d-4dce-70f4-990e-fada22f62008/b64u-MjAyNi0wMS0yMV8xMy0zNC0yOV95YWFrLWFwcC5wbmc.png?X-Amz-Expires=3600&amp;X-Amz-Date=20260621T060000Z&amp;X-Amz-Algorithm=AWS4-HMAC-SHA256&amp;X-Amz-Credential=DO801TYC4FCVNNEKURKM%2F20260621%2Ffra1%2Fs3%2Faws4_request&amp;X-Amz-SignedHeaders=host&amp;X-Amz-Signature=699975f8196039738d7cd4205ccc75ab949313167d479d7afbf0aeedfd29826d">

WebSocket JWT auth uses incorrect header name

Kuba Szczodrzyński

Yaak

WebSocket JWT auth uses incorrect header name

Subscribe to post

Subscribe to post