I would like to fuzz my API with a Bearer token (JWT).
I have many routes on my NodeJS API, with a special route /login which returns a token if the username and password sent in the request body are correct. Then I can use this token to access all of my API, for example with a curl request which works fine:
curl -X GET -H "Accept: application/json" -H "Host: localhost:8080" -H "Authorization: Bearer <MY_JWT_TOKEN>" http://localhost:8080/
So I've tried two methods seen in Authentication.md and SettingsFile.md, the Module and the Location, but neither of them worked. Firstly, an excerpt of my swagger.json file:
{
  "openapi": "3.0.0",
  [...]
  "paths": {
    "/": {
      "get": {
        "summary": "Racine de l'API.",
        "responses": {
          "200": {
            "description": "Succès, l'API fonctionne correctement."
          },
          "401": {
            "$ref": "#/components/responses/UnauthorizedError"
          }
        },
        "security": [
          {
            "bearerAuth": []
          }
        ]
      }
    }
  },
  "components": {
    "securitySchemes": {
      "bearerAuth": {
        "type": "http",
        "scheme": "bearer",
        "bearerFormat": "JWT"
      }
    },
    "responses": {
      "UnauthorizedError": {
        "description": "Authentication token is missing or invalid"
      }
    }
  },
  "tags": []
}
I've only put the interesting parts of this swagger.json, and I've tested it in Swagger Editor and it's fine. After compiling the file, I try the Test and that's when the problems start.
For the Location method:
My engine_settings.json:
{
  "authentication": {
    "token": {
      "location": "/home/guillaume/fuzzing-tools/restler/restler_bin/test-auth1/authentication_token.txt",
      "token_refresh_interval": 300
    }
  },
  "exclude_requests": [
    {
      "endpoint": "/login",
      "methods": ["POST"]
    }
  ]
}
I'm excluding the /login route at first because I don't need to test it, and I already have a valid token in my authentication_token.txt file, which just contains a line with my token, like:
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Imd1aWxsYXVtZSIsImlhdCI6MTcwNzQ4NTQ3MSwiZXhwIjoxNzA3NTA3MDcxfQ.n1rP__tMb1qIquDjrh057jGLUSBgfeX9XUwfbD9L8gE
Except for the engine_settings.json file, I didn't change anything else. I don't know if I needed to change anything according to the documentation, if I've understood correctly.
Then I run my Test command:
../restler/Restler test --grammar_file Compile/grammar.py --dictionary_file Compile/dict.json --settings Compile/engine_settings.json --no_ssl
The result:
Starting task Test...
Using python: 'python3' (Python 3.11.7)
Request coverage (successful / total): 0 / 6
Attempted requests: 5 / 6
No bugs were found.
See 'coverage_failures_to_investigate.txt' to investigate API coverage.
Task Test succeeded.
Collecting logs...
An excerpt of my coverage_failures_to_investigate.txt for the root route:
Request: Get
Number of blocked dependent requests: 0
+++ Combination 1 +++:
Request sequence:
> GET / HTTP/1.1\r\nAccept: application/json\r\nHost: localhost:8080\r\nAUTHORIZATION TOKEN\r\n\r\n
< HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n
+++ Combination 2 +++:
Request sequence:
> GET / HTTP/1.1\r\nAccept: application/json\r\nHost: localhost:8080\r\nAUTHORIZATION TOKEN\r\n\r\n
< HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n
It's sending me back a 400 Bad Request error, so I don't know what the problem is. I think it's not managing to format the request header properly with a Bearer token, so if anyone can help me, I'd love that! Basically, I wanted to show both methods, but I thought it was a bit much.
Upvotes: 1
Views: 299