From 8dd5a113c1e767b03d37dcad372539e803ae8939 Mon Sep 17 00:00:00 2001
From: Adam Cooper <adam.cooper@digital.justice.gov.uk>
Date: Wed, 17 Jul 2024 16:29:29 +0100
Subject: [PATCH] Move around the header addition ordering

---
 .../App/src/DataAccess/ApiGateway/RequestSigner.php    | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/service-api/app/src/App/src/DataAccess/ApiGateway/RequestSigner.php b/service-api/app/src/App/src/DataAccess/ApiGateway/RequestSigner.php
index 00a0ed64b6..c1de5f90d7 100644
--- a/service-api/app/src/App/src/DataAccess/ApiGateway/RequestSigner.php
+++ b/service-api/app/src/App/src/DataAccess/ApiGateway/RequestSigner.php
@@ -25,12 +25,18 @@ public function __construct(readonly private SignatureV4 $signer, array $headers
 
     public function sign(RequestInterface $request): RequestInterface
     {
-        $request = $this->signer->signRequest($request, $this->credentials);
-
         foreach ($this->headers as $header => $value) {
             $request = $request->withHeader($header, $value);
         }
 
+        $request = $this->signer->signRequest($request, $this->credentials);
+
+        // if the Authorization header has been supplied then it is with the understanding
+        // that it replaces anything generated by the AWS signing process.
+        if (array_key_exists('Authorization', $this->headers)) {
+            $request = $request->withHeader('Authorization', $this->headers['Authorization']);
+        }
+
         return $request;
     }
 }