Open CSantosM opened 1 year ago
Did you solve this? Same issue here.
The idea was that if something is protected by auth, it requires auth. If certain routes do not need authentication, try to attach the middleware only to those that should be protected.
Otherwise, it might be tricky to add this as an option without breaking at least types, so enabling the behaviour you want might need to wait for a v2.0
.
The custom authorizer is not called if my request has not Authorization header and the request is rejected automaticaly with "401 NO AUTHORIZED" message which is not what I was expected.
This forces me to have to use dummy auth data with the aim of invoked my custom authorized.
I would like the custom authorized is called without refusing the request even if the header is empty because that is precisely the work of the custom authorized, reject or allow each request, isn't it?
Why is the reason for this decision?