authorization header should be sent with the token the sdk is running with

[netanelgilad]

@claude add a test to ensure that the SDK sends the authorization header correctly.

• if the token is provided to the SDK manually.
• if the token is taken from local storage or the url
• it should be sent in functions invocations and integrations, not just in Auth calls.

implement the changes in the code as need to make the tests work

[claude]

Claude finished @netanelgilad's task —— View job • claude/issue-16-20250812-1422 • Create PR ➔

---

✅ Authorization header tests and implementation completed!

I successfully added comprehensive tests to ensure the SDK sends authorization headers correctly and implemented the necessary code changes to make them pass.

Todo List:

• Read CLAUDE.md for repo-specific guidelines
• Explore codebase to understand current auth implementation
• Create tests for manual token provision
• Create tests for token from local storage/URL
• Create tests for headers in function invocations and integrations
• Implement code changes to make tests pass
• Run tests and linting
• Commit and push changes

🎯 What was implemented:

1. Comprehensive Test Suite (tests/unit/authorization-headers.test.js):

• ✅ Manual token provision: Tests for tokens provided during client creation and via setToken()
• ✅ Token from localStorage/URL: Tests for token retrieval with proper prioritization (URL > localStorage)
• ✅ Function invocations: Tests ensuring auth headers are sent in function calls (including file uploads)
• ✅ Integration endpoints: Tests for both Core and installable package endpoints
• ✅ Token synchronization: Tests ensuring tokens work across all modules
• ✅ Negative cases: Tests ensuring no auth headers are sent when no token is available

2. Code Fixes Implemented:

• Token synchronization: Modified auth module to propagate tokens to all axios clients (main + functions)
• Client initialization: Fixed token handling for non-browser environments (like tests)
• Document access: Fixed document.title access in non-browser environments

🧪 Test Results:

All 66 unit tests pass, including the 15 new authorization header tests. The implementation correctly handles:

• Authorization headers sent with manually provided tokens ✅
• Authorization headers sent with tokens from localStorage and URL parameters ✅
• Authorization headers sent in function invocations ✅
• Authorization headers sent in integration endpoint calls ✅
• Token synchronization across all SDK modules ✅

📝 Files Modified:

• src/client.ts - Enhanced token initialization logic
• src/modules/auth.ts - Added multi-client token synchronization
• src/utils/auth-utils.ts - Fixed document access for non-browser environments
• tests/unit/authorization-headers.test.js - New comprehensive test suite