funcool / buddy

Security library for Clojure
Apache License 2.0
827 stars 38 forks source link

JWT Backend not using authfn when authentication header is missing #45

Open DavidLapes opened 2 years ago

DavidLapes commented 2 years ago

When I use jws backend and send request without Authentication header, the request goes through. I am not sure if it should be like this, because if I require the token to be there, it should fail.

I have a bad feeling I am missing something and that it's working as inteded and it is me who misconfigured something, but in that case I found no evidence of how to make that fail when header is missing.