HTTP Binding Define Headers in UI

First of all, I’m on OH 4 SNAPSHOT #3282 but I suspect this is the same in at least OH 3.4.

What I’m Trying to Do: I want to hit a couple of REST API endpoints of my AdGuard Home server to make it a bit easier for my SO to enable/disable the protection when a site is erroneously blocked.

I’m using the UI to define the Thing. This config for the Thing works!

UID: http:url:adguard
label: AdGuard
thingTypeUID: http:url
configuration:
  headers:
    - "Authorization: Basic BASE64_DATA"
  ignoreSSLErrors: true
  stateMethod: GET
  refresh: 30
  commandMethod: GET
  timeout: 3000
  authMode: BASIC_PREEMPTIVE
  baseURL: https://somehost:8443/control
  password: mind_your_own_business
  delay: 0
  contentType: application/json
  username: rich
  bufferSize: 2048
channels:
  - id: protection_status
    channelTypeUID: http:string
    label: Protection Status
    description: ""
    configuration:
      mode: READONLY
      stateExtension: /status

This Thing successfully accesses the REST API and pulls down the status. However, it throws a warning to the logs:

2023-01-17 13:46:33.930 [WARN ] [ttp.internal.http.RefreshingUrlCache] - Splitting header 'Authorization: Basic BASE64_DATA' failed. No '=' was found. Ignoring

This implies that I’ve defined the header incorrectly, and indeed, according to the HTTP binding docs that is in fact no the way to define the header.

However if I try any of the following I get a 403 Forbidden.

Authorization=Basic BASE64_DATA
Authorization = Basic BASE64_DATA
"Authorization" = "Basic BASE64_DATA"
"Authorization=Basic BASE64_DATA"

In all of these cases, the warning log goes away but AdBlock Home blocks the access.

So what am I doing wrong? Or is there something weird going on in the binding?

If you use the integrated auth settings you don‘t need to add additional headers.

I thought I tried that but I guess I didn’t. I must have tried it with Basic Auth instead of Preemtive Basic and forgot to try it again.

Thanks!