From 296c7fefc5ec5852baa3553abbbfd25e52a50b20 Mon Sep 17 00:00:00 2001
From: SysAdmin
Date: Sun, 22 Feb 2026 22:07:21 +0000
Subject: [PATCH] fix(developers): use fresh HttpClient for ticket creation to authenticate as applicant
The typed HttpClient has X-API-Key set as a default header, which caused SilverDESK's MultiAuth policy to route to ApiKey auth instead of Bearer/JWT. This made tickets owned by the MCP system user instead of the applicant.
Co-Authored-By: Claude Opus 4.6
---
 BlazorApp/Services/DeveloperApplicationService.cs | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/BlazorApp/Services/DeveloperApplicationService.cs b/BlazorApp/Services/DeveloperApplicationService.cs
index 234a1ac..8455dae 100644
--- a/BlazorApp/Services/DeveloperApplicationService.cs
+++ b/BlazorApp/Services/DeveloperApplicationService.cs
@@ -81,11 +81,15 @@ public class DeveloperApplicationService
 Category = "Developer Program"
 };
+ // Use a fresh HttpClient without the X-API-Key default header so that
+ // SilverDESK's MultiAuth policy routes to Bearer/JWT auth (the new user's token)
+ // instead of ApiKey auth (which resolves to the MCP system user).
+ using var userClient = new HttpClient { BaseAddress = _httpClient.BaseAddress };
 var ticketRequest = new HttpRequestMessage(HttpMethod.Post, "/api/tickets");
 ticketRequest.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token);
 ticketRequest.Content = JsonContent.Create(ticketPayload);
- var ticketResponse = await _httpClient.SendAsync(ticketRequest);
+ var ticketResponse = await userClient.SendAsync(ticketRequest);
 if (!ticketResponse.IsSuccessStatusCode)
 {
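Review bot: The `new HttpClient { BaseAddress = _httpClient.BaseAddress }` added here bypasses whatever handler pipeline the typed client was registered with (timeouts, TLS or proxy settings, logging), and creating and disposing a client per call can exhaust sockets under load. Since this request carries the applicant's bearer token, it would be safer to resolve a second client from `IHttpClientFactory` that is registered without the `X-API-Key` default header, for example `var userClient = _httpClientFactory.CreateClient("<user-client-name>");`, where the field and the client name are placeholders for a registration that lies outside this hunk. If `_httpClient.BaseAddress` is ever null, the relative `/api/tickets` URI will throw, so a guard or a comment stating that it is always configured would help. The method continues outside the hunk; any other call in it that sends a user token through `_httpClient` would presumably hit the same API-key-over-bearer precedence and is worth checking.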