Encounter 401 when call `download_and_cache`.

[Sunhill666]

Hello,

I noticed that in this line of code

label-studio-sdk/src/label_studio_sdk/_extensions/label_studio_tools/core/utils/io.py

Line 233 in 855b393

headers["Authorization"] = "Token " + access_token

, the Authorization header uses the Token scheme. However, according to the documentation, the correct scheme should be Bearer.

I tried the following command using Token:

curl -X GET <Label Studio URL>/<endpoint> -H 'Authorization: Token <my-token>'

And received this response:

{
  "id": "581f9ced-c880-42c6-af7b-6e1851367db6",
  "status_code": 401,
  "version": "1.19.0",
  "detail": "Invalid token.",
  "exc_info": null
}

But when I switched to using Bearer:

curl -X GET <Label Studio URL>/<endpoint> -H 'Authorization: Bearer <my-token>'

It seemed to work correctly (though I received a warning about binary output, which is expected).

So my question is:
Should the SDK be using Token in the Authorization header, or is Bearer the correct and intended format?

Thanks in advance!

[hakan458]

Hi @Sunhill666 ! You are correct that when using Personal Access Tokens, the header should be bearer , and when using Legacy API Tokens, the header should be Token
We have some old code like the function you referenced, in which we only support Legacy API Tokens.
The up-to-date client which supports both and handles the internals is label_studio_sdk.LabelStudio or label_studio_sdk.AsyncLabelStudio

Here is how you can authenticate with SDK using a PAT (JWT)
https://docs.humansignal.com/guide/access_tokens#SDK

However it seems that in this specific function we are not handling legacy vs. PAT correctly. Are you using label_studio.Client ? Or just using this function directly? I can make a fix sometime this week.