Nikky
04/23/2022, 12:29 AM
optional=true ? in my code when the token verification fails it always responds with 401, even when set up like so
authenticate("auth-jwt", optional = true) {
any tricks that i can do to evade what's in JWTUtils.kt#verifyAndValidate at lines 96-99?
from how i read the documentation a failed auth should lead to a principal being null.. but in this case it never hits my code and always just jumps to the challenge...
PS: digging into the code.. seems like AuthenticationFailedCause.InvalidCredentials is still responded with a 401
and token verification failure, e.g. expired token or signing key differs or such.. will trigger that
i'd prefer to treat it as if it was an AuthenticationFailedCause.NoCredentials
for now i copied the JWTAuthenticationProvider and all the internal classes it uses.. just to change one line...
Aleksei Tirman [JB]
04/26/2022, 8:21 AM
optional parameter says:
optional when set, if no authentication is provided by the client, a call continues but with a null [Principal].
So if an authentication is provided by the client then it will verify a token. Am I right that you want to receive a null principal when authentication fails or when no authentication is provided by a client?
Nikky
04/28/2022, 3:13 PM
authHeader block i manually extract blob out of the header and run verifier on it.. if it throws exception i return null
acts the same as if nothing was passed in..