In order to allow ws auth in a browser and from a backend app, this PR allows a client to pass auth with a header or with a query param. Hydra expects one of the two, and forwards it along to the auth service (separate) for validation.
Additionally, this PR improves where and how the authResponse is attached to the UMF body of outbound messages.
In order to allow ws auth in a browser and from a backend app, this PR allows a client to pass auth with a header or with a query param. Hydra expects one of the two, and forwards it along to the auth service (separate) for validation.
Additionally, this PR improves where and how the
authResponse
is attached to the UMFbody
of outbound messages.