how do i use JWT auth with

optional=true

? in my code when the token verification fails it always responds with 401, even when set up like so

authenticate("auth-jwt", optional = true) {

any tricks that i can do to evad whats in

JWTUtils.kt#verifyAndValidate at lines 96-99

? from how i read the documentation a failed auth should lead to a principal being null.. but in this case it never hits my code and always just jumps to the challenge... PS: diging into the code.. seems like

AuthenticationFailedCause.InvalidCredentials

is still responded with a 401 and token verification failure, eg. expired token or signing key differs or such.. will trigger that i'd prefer to treat it as if it was a

AuthenticationFailedCause.NoCredentials

for now i copied the

JWTAuthenticationProvider

and all the internal classes it uses.. just to change one line...

The KDoc for the

optional

parameter says:

optional when set, if no authentication is provided by the client, a call continues but with a null [Principal].

So if an authentication is provided by the client then it will verify a token. Am I right that you want to receive a null principal when authentication fails or when no authentication is provided by a client?

another way i found that works too in

authHeader

block i manually extract

blob

out of the header and run verifier on it.. if it throws exception i return

null

acts the same as if nothing was passed in..