@lobehub/chat 1.80.1 → 1.80.2

package/src/config/aiModels/zhipu.ts

@@ -8,7 +8,6 @@ const zhipuChatModels: AIChatModelCard[] = [
     contextWindowTokens: 16_384,
     description: 'GLM-Zero-Preview具备强大的复杂推理能力，在逻辑推理、数学、编程等领域表现优异。',
     displayName: 'GLM-Zero-Preview',
-    enabled: true,
     id: 'glm-zero-preview',
     pricing: {
       currency: 'CNY',
@@ -17,6 +16,67 @@ const zhipuChatModels: AIChatModelCard[] = [
     },
     type: 'chat',
   },
+  {
+    abilities: {
+      reasoning: true,
+      search: true,
+    },
+    contextWindowTokens: 32_000,
+    description: '推理模型: 具备强大推理能力，适用于需要深度推理的任务。',
+    displayName: 'GLM-Z1-Air',
+    id: 'glm-z1-air',
+    maxOutput: 30_000,
+    pricing: {
+      currency: 'CNY',
+      input: 0.5,
+      output: 0.5,
+    },
+    settings: {
+      searchImpl: 'params',
+    },
+    type: 'chat',
+  },
+  {
+    abilities: {
+      reasoning: true,
+      search: true,
+    },
+    contextWindowTokens: 32_000,
+    description: '极速推理：具有超快的推理速度和强大的推理效果。',
+    displayName: 'GLM-Z1-AirX',
+    id: 'glm-z1-airx',
+    maxOutput: 30_000,
+    pricing: {
+      currency: 'CNY',
+      input: 5,
+      output: 5,
+    },
+    settings: {
+      searchImpl: 'params',
+    },
+    type: 'chat',
+  },
+  {
+    abilities: {
+      reasoning: true,
+      search: true,
+    },
+    contextWindowTokens: 32_000,
+    description: 'GLM-Z1 系列具备强大的复杂推理能力，在逻辑推理、数学、编程等领域表现优异。最大上下文长度为32K。',
+    displayName: 'GLM-Z1-Flash',
+    enabled: true,
+    id: 'glm-z1-flash',
+    maxOutput: 30_000,
+    pricing: {
+      currency: 'CNY',
+      input: 0,
+      output: 0,
+    },
+    settings: {
+      searchImpl: 'params',
+    },
+    type: 'chat',
+  },
   {
     abilities: {
       functionCall: true,
@@ -24,9 +84,10 @@ const zhipuChatModels: AIChatModelCard[] = [
     },
     contextWindowTokens: 128_000,
     description: 'GLM-4-Flash 是处理简单任务的理想选择，速度最快且免费。',
-    displayName: 'GLM-4-Flash',
+    displayName: 'GLM-4-Flash-250414',
     enabled: true,
-    id: 'glm-4-flash',
+    id: 'glm-4-flash-250414',
+    maxOutput: 4000,
     pricing: {
       currency: 'CNY',
       input: 0,
@@ -45,8 +106,8 @@ const zhipuChatModels: AIChatModelCard[] = [
     contextWindowTokens: 128_000,
     description: 'GLM-4-FlashX 是Flash的增强版本，超快推理速度。',
     displayName: 'GLM-4-FlashX',
-    enabled: true,
     id: 'glm-4-flashx',
+    maxOutput: 4000,
     pricing: {
       currency: 'CNY',
       input: 0.1,
@@ -66,6 +127,7 @@ const zhipuChatModels: AIChatModelCard[] = [
     description: 'GLM-4-Long 支持超长文本输入，适合记忆型任务与大规模文档处理。',
     displayName: 'GLM-4-Long',
     id: 'glm-4-long',
+    maxOutput: 4000,
     pricing: {
       currency: 'CNY',
       input: 1,
@@ -81,15 +143,15 @@ const zhipuChatModels: AIChatModelCard[] = [
       functionCall: true,
       search: true,
     },
-    contextWindowTokens: 128_000,
+    contextWindowTokens: 32_000,
     description: 'GLM-4-Air 是性价比高的版本，性能接近GLM-4，提供快速度和实惠的价格。',
-    displayName: 'GLM-4-Air',
-    enabled: true,
-    id: 'glm-4-air',
+    displayName: 'GLM-4-Air-250414',
+    id: 'glm-4-air-250414',
+    maxOutput: 4000,
     pricing: {
       currency: 'CNY',
-      input: 1,
-      output: 1,
+      input: 0.5,
+      output: 0.5,
     },
     settings: {
       searchImpl: 'params',
@@ -104,8 +166,8 @@ const zhipuChatModels: AIChatModelCard[] = [
     contextWindowTokens: 8192,
     description: 'GLM-4-AirX 提供 GLM-4-Air 的高效版本，推理速度可达其2.6倍。',
     displayName: 'GLM-4-AirX',
-    enabled: true,
     id: 'glm-4-airx',
+     maxOutput: 4000,
     pricing: {
       currency: 'CNY',
       input: 10,
@@ -144,8 +206,8 @@ const zhipuChatModels: AIChatModelCard[] = [
     contextWindowTokens: 128_000,
     description: 'GLM-4-Plus 作为高智能旗舰，具备强大的处理长文本和复杂任务的能力，性能全面提升。',
     displayName: 'GLM-4-Plus',
-    enabled: true,
     id: 'glm-4-plus',
+    maxOutput: 4000,
     pricing: {
       currency: 'CNY',
       input: 50,
@@ -164,7 +226,7 @@ const zhipuChatModels: AIChatModelCard[] = [
     contextWindowTokens: 128_000,
     description: 'GLM-4-0520 是最新模型版本，专为高度复杂和多样化任务设计，表现卓越。',
     displayName: 'GLM-4-0520',
-    id: 'glm-4-0520',
+    id: 'glm-4-0520', // 弃用时间 2025年12月30日
     pricing: {
       currency: 'CNY',
       input: 100,
@@ -183,7 +245,7 @@ const zhipuChatModels: AIChatModelCard[] = [
     contextWindowTokens: 128_000,
     description: 'GLM-4 是发布于2024年1月的旧旗舰版本，目前已被更强的 GLM-4-0520 取代。',
     displayName: 'GLM-4',
-    id: 'glm-4',
+    id: 'glm-4', // 弃用时间 2025年6月30日
     pricing: {
       currency: 'CNY',
       input: 100,
@@ -198,7 +260,7 @@ const zhipuChatModels: AIChatModelCard[] = [
     abilities: {
       vision: true,
     },
-    contextWindowTokens: 8192,
+    contextWindowTokens: 4096,
     description:
       'GLM-4V-Flash 专注于高效的单一图像理解，适用于快速图像解析的场景，例如实时图像分析或批量图像处理。',
     displayName: 'GLM-4V-Flash',
@@ -218,13 +280,12 @@ const zhipuChatModels: AIChatModelCard[] = [
     },
     contextWindowTokens: 8192,
     description: 'GLM-4V-Plus 具备对视频内容及多图片的理解能力，适合多模态任务。',
-    displayName: 'GLM-4V-Plus',
-    enabled: true,
-    id: 'glm-4v-plus',
+    displayName: 'GLM-4V-Plus-0111',
+    id: 'glm-4v-plus-0111',
     pricing: {
       currency: 'CNY',
-      input: 10,
-      output: 10,
+      input: 4,
+      output: 4,
     },
     type: 'chat',
   },
@@ -232,7 +293,7 @@ const zhipuChatModels: AIChatModelCard[] = [
     abilities: {
       vision: true,
     },
-    contextWindowTokens: 2048,
+    contextWindowTokens: 4096,
     description: 'GLM-4V 提供强大的图像理解与推理能力，支持多种视觉任务。',
     displayName: 'GLM-4V',
     id: 'glm-4v',
@@ -249,6 +310,7 @@ const zhipuChatModels: AIChatModelCard[] = [
       'CodeGeeX-4 是强大的AI编程助手，支持多种编程语言的智能问答与代码补全，提升开发效率。',
     displayName: 'CodeGeeX-4',
     id: 'codegeex-4',
+    maxOutput: 32_000,
     pricing: {
       currency: 'CNY',
       input: 0.1,
@@ -257,14 +319,15 @@ const zhipuChatModels: AIChatModelCard[] = [
     type: 'chat',
   },
   {
-    contextWindowTokens: 4096,
-    description: 'CharGLM-3 专为角色扮演与情感陪伴设计，支持超长多轮记忆与个性化对话，应用广泛。',
-    displayName: 'CharGLM-3',
-    id: 'charglm-3',
+    contextWindowTokens: 8192,
+    description: 'CharGLM-4 专为角色扮演与情感陪伴设计，支持超长多轮记忆与个性化对话，应用广泛。',
+    displayName: 'CharGLM-4',
+    id: 'charglm-4',
+    maxOutput: 4000,
     pricing: {
       currency: 'CNY',
-      input: 15,
-      output: 15,
+      input: 1,
+      output: 1,
     },
     type: 'chat',
   },
@@ -273,6 +336,7 @@ const zhipuChatModels: AIChatModelCard[] = [
     description: 'Emohaa 是心理模型，具备专业咨询能力，帮助用户理解情感问题。',
     displayName: 'Emohaa',
     id: 'emohaa',
+    maxOutput: 4000,
     pricing: {
       currency: 'CNY',
       input: 15,

package/src/const/settings/knowledge.ts

@@ -2,7 +2,7 @@ import { FilesConfig, FilesConfigItem } from '@/types/user/settings/filesConfig'
 
 import {
   DEFAULT_EMBEDDING_MODEL,
-  DEFAULT_PROVIDER,
+  DEFAULT_EMBEDDING_PROVIDER,
   DEFAULT_RERANK_MODEL,
   DEFAULT_RERANK_PROVIDER,
   DEFAULT_RERANK_QUERY_MODE,
@@ -10,7 +10,7 @@ import {
 
 export const DEFAULT_FILE_EMBEDDING_MODEL_ITEM: FilesConfigItem = {
   model: DEFAULT_EMBEDDING_MODEL,
-  provider: DEFAULT_PROVIDER,
+  provider: DEFAULT_EMBEDDING_PROVIDER,
 };
 
 export const DEFAULT_FILE_RERANK_MODEL_ITEM: FilesConfigItem = {

package/src/libs/oidc-provider/config.ts

@@ -11,9 +11,6 @@ export const defaultClients: ClientMetadata[] = [
     // 仅支持授权码流程
     grant_types: ['authorization_code', 'refresh_token'],
 
-    // 明确指明是原生应用
-    isFirstParty: true,
-
     logo_uri: 'https://hub-apac-1.lobeobjects.space/lobehub-desktop-icon.png',
 
     // 桌面端注册的自定义协议回调（使用反向域名格式）

package/src/libs/trpc/edge/index.ts

@@ -10,7 +10,6 @@
 import { DESKTOP_USER_ID } from '@/const/desktop';
 import { isDesktop } from '@/const/version';
 
-import { userAuth } from '../middleware/userAuth';
 import { edgeTrpc } from './init';
 import { jwtPayloadChecker } from './middleware/jwtPayload';
 
@@ -30,9 +29,6 @@ export const publicProcedure = edgeTrpc.procedure.use(({ next, ctx }) => {
   });
 });
 
-// procedure that asserts that the user is logged in
-export const authedProcedure = edgeTrpc.procedure.use(userAuth);
-
 // procedure that asserts that the user add the password
 export const passwordProcedure = edgeTrpc.procedure.use(jwtPayloadChecker);
 

package/src/libs/trpc/lambda/context.ts

@@ -1,14 +1,31 @@
+import debug from 'debug';
 import { User } from 'next-auth';
 import { NextRequest } from 'next/server';
 
 import { JWTPayload, LOBE_CHAT_AUTH_HEADER, enableClerk, enableNextAuth } from '@/const/auth';
+import { oidcEnv } from '@/envs/oidc';
 import { ClerkAuth, IClerkAuth } from '@/libs/clerk-auth';
+import { extractBearerToken } from '@/utils/server/auth';
+
+// Create context logger namespace
+const log = debug('lobe-trpc:lambda:context');
+
+export interface OIDCAuth {
+  // Other OIDC information that might be needed (optional, as payload contains all info)
+  [key: string]: any;
+  // OIDC token data (now the complete payload)
+  payload: any;
+  // User ID
+  sub: string;
+}
 
 export interface AuthContext {
   authorizationHeader?: string | null;
   clerkAuth?: IClerkAuth;
   jwtPayload?: JWTPayload | null;
   nextAuth?: User;
+  // Add OIDC authentication information
+  oidcAuth?: OIDCAuth | null;
   userId?: string | null;
 }
 
@@ -20,13 +37,18 @@ export const createContextInner = async (params?: {
   authorizationHeader?: string | null;
   clerkAuth?: IClerkAuth;
   nextAuth?: User;
+  oidcAuth?: OIDCAuth | null;
   userId?: string | null;
-}): Promise<AuthContext> => ({
-  authorizationHeader: params?.authorizationHeader,
-  clerkAuth: params?.clerkAuth,
-  nextAuth: params?.nextAuth,
-  userId: params?.userId,
-});
+}): Promise<AuthContext> => {
+  log('createContextInner called with params: %O', params);
+  return {
+    authorizationHeader: params?.authorizationHeader,
+    clerkAuth: params?.clerkAuth,
+    nextAuth: params?.nextAuth,
+    oidcAuth: params?.oidcAuth,
+    userId: params?.userId,
+  };
+};
 
 export type LambdaContext = Awaited<ReturnType<typeof createContextInner>>;
 
@@ -35,23 +57,76 @@ export type LambdaContext = Awaited<ReturnType<typeof createContextInner>>;
  * @link https://trpc.io/docs/v11/context
  */
 export const createLambdaContext = async (request: NextRequest): Promise<LambdaContext> => {
+  log('createLambdaContext called for request');
   // for API-response caching see https://trpc.io/docs/v11/caching
 
   const authorization = request.headers.get(LOBE_CHAT_AUTH_HEADER);
+  log('LobeChat Authorization header: %s', authorization ? 'exists' : 'not found');
 
   let userId;
   let auth;
+  let oidcAuth = null;
+
+  // Prioritize checking the standard Authorization header for OIDC Bearer Token validation
+  if (oidcEnv.ENABLE_OIDC) {
+    log('OIDC enabled, attempting OIDC authentication');
+    const standardAuthorization = request.headers.get('Authorization');
+    log('Standard Authorization header: %s', standardAuthorization ? 'exists' : 'not found');
+
+    try {
+      // Use extractBearerToken from utils
+      const bearerToken = extractBearerToken(standardAuthorization);
+
+      log('Extracted Bearer Token: %s', bearerToken ? 'valid' : 'invalid');
+      if (bearerToken) {
+        const { OIDCService } = await import('@/server/services/oidc');
+
+        // Initialize OIDC service
+        log('Initializing OIDC service');
+        const oidcService = await OIDCService.initialize();
+        // Validate token using OIDCService
+        log('Validating OIDC token');
+        const tokenInfo = await oidcService.validateToken(bearerToken);
+        oidcAuth = {
+          payload: tokenInfo.tokenData,
+          ...tokenInfo.tokenData, // Spread payload into oidcAuth
+          sub: tokenInfo.userId, // Use tokenData as payload
+        };
+        userId = tokenInfo.userId;
+        log('OIDC authentication successful, userId: %s', userId);
+
+        // If OIDC authentication is successful, return context immediately
+        log('OIDC authentication successful, creating context and returning');
+        return createContextInner({
+          // Preserve original LobeChat Authorization Header (if any)
+          authorizationHeader: authorization,
+          oidcAuth,
+          userId,
+        });
+      }
+    } catch (error) {
+      // If OIDC authentication fails, log error and continue with other authentication methods
+      if (standardAuthorization?.startsWith('Bearer ')) {
+        log('OIDC authentication failed, error: %O', error);
+        console.error('OIDC authentication failed, trying other methods:', error);
+      }
+    }
+  }
 
+  // If OIDC is not enabled or validation fails, try LobeChat custom Header and other authentication methods
   if (enableClerk) {
+    log('Attempting Clerk authentication');
     const clerkAuth = new ClerkAuth();
     const result = clerkAuth.getAuthFromRequest(request);
     auth = result.clerkAuth;
     userId = result.userId;
+    log('Clerk authentication result, userId: %s', userId || 'not authenticated');
 
     return createContextInner({ authorizationHeader: authorization, clerkAuth: auth, userId });
   }
 
   if (enableNextAuth) {
+    log('Attempting NextAuth authentication');
     try {
       const { default: NextAuthEdge } = await import('@/libs/next-auth/edge');
 
@@ -59,12 +134,21 @@ export const createLambdaContext = async (request: NextRequest): Promise<LambdaC
       if (session && session?.user?.id) {
         auth = session.user;
         userId = session.user.id;
+        log('NextAuth authentication successful, userId: %s', userId);
+      } else {
+        log('NextAuth authentication failed, no valid session');
       }
       return createContextInner({ authorizationHeader: authorization, nextAuth: auth, userId });
     } catch (e) {
+      log('NextAuth authentication error: %O', e);
       console.error('next auth err', e);
     }
   }
 
+  // Final return, userId may be undefined
+  log(
+    'All authentication methods attempted, returning final context, userId: %s',
+    userId || 'not authenticated',
+  );
   return createContextInner({ authorizationHeader: authorization, userId });
 };

package/src/libs/trpc/lambda/index.ts

@@ -12,6 +12,7 @@ import { isDesktop } from '@/const/version';
 
 import { userAuth } from '../middleware/userAuth';
 import { trpc } from './init';
+import { oidcAuth } from './middleware/oidcAuth';
 
 /**
  * Create a router
@@ -30,7 +31,7 @@ export const publicProcedure = trpc.procedure.use(({ next, ctx }) => {
 });
 
 // procedure that asserts that the user is logged in
-export const authedProcedure = trpc.procedure.use(userAuth);
+export const authedProcedure = trpc.procedure.use(oidcAuth).use(userAuth);
 
 /**
  * Create a server-side caller

package/src/libs/trpc/lambda/middleware/oidcAuth.ts

@@ -0,0 +1,14 @@
+import { trpc } from '../init';
+
+export const oidcAuth = trpc.middleware(async (opts) => {
+  const { ctx, next } = opts;
+
+  // 检查 OIDC 认证
+  if (ctx.oidcAuth) {
+    return next({
+      ctx: { oidcAuth: ctx.oidcAuth, userId: ctx.oidcAuth.sub },
+    });
+  }
+
+  return next();
+});

package/src/libs/trpc/middleware/userAuth.ts

@@ -26,9 +26,7 @@ export const userAuth = trpc.middleware(async (opts) => {
   }
 
   return opts.next({
-    ctx: {
-      // ✅ user value is known to be non-null now
-      userId: ctx.userId,
-    },
+    // ✅ user value is known to be non-null now
+    ctx: { userId: ctx.userId },
   });
 });

package/src/server/services/oidc/index.ts

@@ -1,3 +1,4 @@
+import { TRPCError } from '@trpc/server';
 import debug from 'debug';
 
 import { createContextForInteractionDetails } from '@/libs/oidc-provider/http-adapter';
@@ -19,6 +20,76 @@ export class OIDCService {
     return new OIDCService(provider);
   }
 
+  /**
+   * 验证 OIDC Bearer Token 并返回用户信息
+   * 使用 oidc-provider 实例的 AccessToken.find 方法验证 token
+   *
+   * @param token - Bearer Token
+   * @returns 包含用户ID和Token数据的对象
+   * @throws 如果token无效或OIDC未启用则抛出 TRPCError
+   */
+  async validateToken(token: string) {
+    try {
+      log('Validating access token using AccessToken.find');
+
+      // 使用 oidc-provider 的 AccessToken 查找和验证方法
+      const accessToken = await this.provider.AccessToken.find(token);
+
+      if (!accessToken) {
+        log('Access token not found, expired, or consumed');
+        throw new TRPCError({
+          code: 'UNAUTHORIZED',
+          message: 'Access token 无效、已过期或已被使用',
+        });
+      }
+
+      // 从 accessToken 实例中获取必要的数据
+      // 注意：accessToken 没有 payload() 方法，而是直接访问其属性
+      const userId = accessToken.accountId; // 用户 ID 通常存储在 accountId 属性中
+      const clientId = accessToken.clientId;
+
+      // 如果需要更多的声明信息，可以从 accessToken 的其他属性中获取
+      // 例如，scopes、claims、exp 等
+      const tokenData = {
+        client_id: clientId,
+        exp: accessToken.exp,
+        iat: accessToken.iat,
+        jti: accessToken.jti,
+        scope: accessToken.scope,
+        // OIDC 标准中，sub 字段表示用户 ID
+        sub: userId,
+      };
+
+      if (!userId) {
+        log('Access token does not contain user ID (accountId)');
+        throw new TRPCError({
+          code: 'UNAUTHORIZED',
+          message: 'Access token 中未包含用户 ID',
+        });
+      }
+
+      log('Access token validated successfully for user: %s', userId);
+      return {
+        // 包含 token 原始数据，可用于获取更多信息
+        accessToken,
+        // 构建的 token 数据对象
+        tokenData,
+        // 用户 ID
+        userId,
+      };
+    } catch (error) {
+      if (error instanceof TRPCError) throw error;
+
+      // AccessToken.find 可能抛出特定错误
+      log('Error validating access token with AccessToken.find: %O', error);
+      console.error('OIDC 令牌验证错误:', error);
+      throw new TRPCError({
+        code: 'UNAUTHORIZED',
+        message: `OIDC 认证失败: ${(error as Error).message}`,
+      });
+    }
+  }
+
   async getInteractionDetails(uid: string) {
     const { req, res } = await createContextForInteractionDetails(uid);
     return this.provider.interactionDetails(req, res);

package/src/utils/parseModels.test.ts

@@ -87,7 +87,9 @@ describe('parseModelString', () => {
     });
 
     it('token and image output', () => {
-      const result = parseModelString('gemini-2.0-flash-exp-image-generation=Gemini 2.0 Flash (Image Generation) Experimental<32768:imageOutput>');
+      const result = parseModelString(
+        'gemini-2.0-flash-exp-image-generation=Gemini 2.0 Flash (Image Generation) Experimental<32768:imageOutput>',
+      );
 
       expect(result.add[0]).toEqual({
         displayName: 'Gemini 2.0 Flash (Image Generation) Experimental',
@@ -565,7 +567,12 @@ describe('transformToChatModelCards', () => {
         displayName: 'GPT-4o',
         enabled: true,
         id: 'gpt-4o',
-        pricing: { input: 2.5, output: 10 },
+        maxOutput: 4096,
+        pricing: {
+          cachedInput: 1.25,
+          input: 2.5,
+          output: 10,
+        },
         providerId: 'azure',
         releasedAt: '2024-05-13',
         source: 'builtin',
@@ -582,6 +589,11 @@ describe('transformToChatModelCards', () => {
         enabled: true,
         id: 'gpt-4o-mini',
         maxOutput: 4096,
+        pricing: {
+          cachedInput: 0.075,
+          input: 0.15,
+          output: 0.6,
+        },
         type: 'chat',
       },
       {
@@ -596,7 +608,11 @@ describe('transformToChatModelCards', () => {
         source: 'builtin',
         id: 'o1-mini',
         maxOutput: 65536,
-        pricing: { input: 1.1, output: 4.4 },
+        pricing: {
+          cachedInput: 0.55,
+          input: 1.1,
+          output: 4.4,
+        },
         releasedAt: '2024-09-12',
         type: 'chat',
       },

package/src/utils/server/__tests__/auth.test.ts

@@ -1,6 +1,6 @@
 import { beforeEach, describe, expect, it, vi } from 'vitest';
 
-import { getUserAuth } from '../auth';
+import { extractBearerToken, getUserAuth } from '../auth';
 
 // Mock auth constants
 let mockEnableClerk = false;
@@ -93,3 +93,47 @@ describe('getUserAuth', () => {
     });
   });
 });
+
+describe('extractBearerToken', () => {
+  it('should return the token when authHeader is valid', () => {
+    const token = 'test-token';
+    const authHeader = `Bearer ${token}`;
+    expect(extractBearerToken(authHeader)).toBe(token);
+  });
+
+  it('should return null when authHeader is missing', () => {
+    expect(extractBearerToken()).toBeNull();
+  });
+
+  it('should return null when authHeader is null', () => {
+    expect(extractBearerToken(null)).toBeNull();
+  });
+
+  it('should return null when authHeader does not start with "Bearer "', () => {
+    const authHeader = 'Invalid format';
+    expect(extractBearerToken(authHeader)).toBeNull();
+  });
+
+  it('should return null when authHeader is only "Bearer"', () => {
+    const authHeader = 'Bearer';
+    expect(extractBearerToken(authHeader)).toBeNull();
+  });
+
+  it('should return null when authHeader is an empty string', () => {
+    const authHeader = '';
+    expect(extractBearerToken(authHeader)).toBeNull();
+  });
+
+  it('should handle extra spaces correctly', () => {
+    const token = 'test-token-with-spaces';
+    const authHeaderWithExtraSpaces = ` Bearer   ${token}  `;
+    const authHeaderLeadingSpace = ` Bearer ${token}`;
+    const authHeaderTrailingSpace = `Bearer ${token} `;
+    const authHeaderMultipleSpacesBetween = `Bearer    ${token}`;
+
+    expect(extractBearerToken(authHeaderWithExtraSpaces)).toBe(token);
+    expect(extractBearerToken(authHeaderLeadingSpace)).toBe(token);
+    expect(extractBearerToken(authHeaderTrailingSpace)).toBe(token);
+    expect(extractBearerToken(authHeaderMultipleSpacesBetween)).toBe(token);
+  });
+});