search

OpenLiberty / open-liberty

Open Liberty is a highly composable, fast to start, dynamic application server runtime environment
https://openliberty.io
Eclipse Public License 2.0
1.13k stars 575 forks source link

Oauth Should not Intercept for unprotected resources #28418

Open wrodrig opened 2 weeks ago

wrodrig commented 2 weeks ago

Describe the bug

I have an application that has an unprotected resource. Despite this, Oauth is intercepting the request and throwing a 401

m.ibm.ws.webcontainer.security.ProviderAuthenticationResult > <init> Entry  
                                                                                                               FAILURE
                                                                                                               401

Steps to Reproduce
Create an application with an unprotected resource, configure liberty with Oauth. Try to access the application.

Expected behavior

User should be able to access the request with no error or authentication prompt.

Diagnostic information:

Additional context
Add any other context about the problem here.

wrodrig commented 2 weeks ago

Being worked under PR https://github.com/OpenLiberty/open-liberty/pull/28419