Currently the token is automatically looked up in query, body and header. I want to disallow token to be supplied in anything OTHER than header, but it doesn't seem possible now.
Describe the ideal solution
Extend JwtVerifierOptions to allow us to specify the locations where to look for the token.
Alternatives and current workarounds
None discovered. Potentially writing a custom auth Handler wrapping jwtverifier?
Checklist
Describe the problem you'd like to have solved
Currently the token is automatically looked up in query, body and header. I want to disallow token to be supplied in anything OTHER than header, but it doesn't seem possible now.
Describe the ideal solution
Extend
JwtVerifierOptionsto allow us to specify the locations where to look for the token.Alternatives and current workarounds
None discovered. Potentially writing a custom
authHandler wrappingjwtverifier?Additional context
No response