-
Notifications
You must be signed in to change notification settings - Fork 57
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Custom authorizer is not called without Authorization header #49
Labels
Comments
Did you solve this? Same issue here. |
The idea was that if something is protected by auth, it requires auth. If certain routes do not need authentication, try to attach the middleware only to those that should be protected. Otherwise, it might be tricky to add this as an option without breaking at least types, so enabling the behaviour you want might need to wait for a |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The custom authorizer is not called if my request has not Authorization header and the request is rejected automaticaly with "401 NO AUTHORIZED" message which is not what I was expected.
This forces me to have to use dummy auth data with the aim of invoked my custom authorized.
I would like the custom authorized is called without refusing the request even if the header is empty because that is precisely the work of the custom authorized, reject or allow each request, isn't it?
Why is the reason for this decision?
The text was updated successfully, but these errors were encountered: