When I use jws backend and send request without Authentication header, the request goes through. I am not sure if it should be like this, because if I require the token to be there, it should fail.
I have a bad feeling I am missing something and that it's working as inteded and it is me who misconfigured something, but in that case I found no evidence of how to make that fail when header is missing.
When I use
jws
backend and send request withoutAuthentication
header, the request goes through. I am not sure if it should be like this, because if I require the token to be there, it should fail.I have a bad feeling I am missing something and that it's working as inteded and it is me who misconfigured something, but in that case I found no evidence of how to make that fail when header is missing.