Hello, I've seen that in ktor 1.2.0 new property was added in jwt authentication provider - "authHeader", currently we are using that authHeader to pass JWT token not from header but from request cookies instead. But it token is invalid we have a need to submit 301 redirect to /login page instead of 401 auth response. Is it possible somehow to setup this behaviour in ktor? With session auth provider where is a "challenge" property for that, but not in jwt.

Yes, you are right, it is incomplete. There was a PR 1130 about it but it is done wrong (added a flag instead of challenge). And no response from the author yet

understood, thanks!