Problem
When using BYOK with COPILOT_PROVIDER_API_KEY and an external provider base URL (e.g., OpenRouter), every request via the api-proxy fails with 400: Authorization header is badly formatted. All retries fail, causing the entire agent run to abort.
Context
Upstream: github/gh-aw#30169
- gh-aw v0.71.4, ubuntu-24.04
- `COPILOT_PROVIDER_BASE_URL: (openrouter.ai/redacted)
- Model:
minimax/minimax-m2.5:free
Root Cause
The api-proxy in containers/api-proxy/ likely double-encodes or mis-formats the Authorization header when injecting COPILOT_PROVIDER_API_KEY — possibly prepending Bearer to a value that already contains it, or incorrectly concatenating with another header.
Proposed Solution
- Audit the Authorization header construction in
containers/api-proxy/ — ensure the injected key is formatted as Bearer (raw_key) with no duplication.
- Add a unit test for header injection with a raw API key value.
- Add an integration test against a mock external provider endpoint to verify header format.
Generated by Firewall Issue Dispatcher · ● 1.2M · ◷
Problem
When using BYOK with
COPILOT_PROVIDER_API_KEYand an external provider base URL (e.g., OpenRouter), every request via the api-proxy fails with400: Authorization header is badly formatted. All retries fail, causing the entire agent run to abort.Context
Upstream: github/gh-aw#30169
minimax/minimax-m2.5:freeRoot Cause
The api-proxy in
containers/api-proxy/likely double-encodes or mis-formats theAuthorizationheader when injectingCOPILOT_PROVIDER_API_KEY— possibly prependingBearerto a value that already contains it, or incorrectly concatenating with another header.Proposed Solution
containers/api-proxy/— ensure the injected key is formatted asBearer (raw_key)with no duplication.