Closed adambrakhane closed 3 years ago
Hello, There is no way in my knowledge to coerce the browser to send Authorization header by itself. You have to use cookie. I'm still waiting for a PR from #28 for that.
As PR #28 has been merged, you can use a Cookie to force the browser to send the token in all requests. I close the issue.
We are already issuing JWT tokens for access to our API but would like to start protecting some semi-static websites (including images/static files) with the same auth scheme. We are imagining:
1) User goes to HTML/JS login page that sends credentials to our existing API which returns a JWT token 2) We somehow inform the browser (basic auth?, cookie, local storage) that we have a token 3) Now the browser automatically sends the Authorization header or cookie with each requests & mod_authnz_jwt validates
Is there a way I can coerce the browser to send custom Authorization headers?
I believe I am interested in what is happening here: https://github.com/AnthonyDeroche/mod_authnz_jwt/issues/28