Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Custom authorizer is not called without Authorization header #49

Open
CSantosM opened this issue Sep 30, 2022 · 2 comments
Open

Custom authorizer is not called without Authorization header #49

CSantosM opened this issue Sep 30, 2022 · 2 comments
Labels
enhancement v2

Comments

@CSantosM
Copy link

The custom authorizer is not called if my request has not Authorization header and the request is rejected automaticaly with "401 NO AUTHORIZED" message which is not what I was expected.

This forces me to have to use dummy auth data with the aim of invoked my custom authorized.

I would like the custom authorized is called without refusing the request even if the header is empty because that is precisely the work of the custom authorized, reject or allow each request, isn't it?

Why is the reason for this decision?
@ViniMnzs
Copy link

ViniMnzs commented Jan 6, 2023

Did you solve this? Same issue here.

@LionC
Copy link
Owner

LionC commented Sep 28, 2023

The idea was that if something is protected by auth, it requires auth. If certain routes do not need authentication, try to attach the middleware only to those that should be protected.

Otherwise, it might be tricky to add this as an option without breaking at least types, so enabling the behaviour you want might need to wait for a v2.0.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement v2
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@LionC @CSantosM @ViniMnzs