Previously I submitted a PR which forcefully threw an error if login failed or if the JWT expired.
This was short-sighted - sometimes a valid login is not necessary depending on the collection/endpoint, and there is no sense failing the request simply because a token is present. Including a token on all requests makes client development a lot easier than having to painfully pick and choose which requests require it and which don't.
This PR allows a request to continue if login fails or the JWT has a problem/is expired, and sends this information separately as an authError property. This is no less secure since the permissions model still holds true, and is actually a revert of what always worked, but now we're sending a more meaningful authError back to the client.
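The behaviour described above, sketched as an added example that is not the project's code: authentication never rejects a request and only records an authError, while a separate permission check decides access from the resolved user. All names (`authenticate`, `handle`, `PUBLIC_COLLECTIONS`, `SECRET`) and the HS256 token handling are assumptions made for the illustration.

```javascript
const crypto = require('crypto');

const SECRET = 'constructed-demo-secret'; // constructed value, demo only
const b64url = (v) => Buffer.from(v).toString('base64url');

// Demo helper: sign a minimal HS256 JWT so the example runs offline.
function sign(payload) {
  const body = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' })) + '.' + b64url(JSON.stringify(payload));
  return body + '.' + crypto.createHmac('sha256', SECRET).update(body).digest('base64url');
}

// Verify signature, algorithm and expiry; throws on any problem.
function verify(token, now) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const expected = crypto.createHmac('sha256', SECRET).update(parts[0] + '.' + parts[1]).digest();
  const given = Buffer.from(parts[2], 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error('invalid signature');
  }
  const header = JSON.parse(Buffer.from(parts[0], 'base64url'));
  if (header.alg !== 'HS256') throw new Error('unexpected alg');
  const payload = JSON.parse(Buffer.from(parts[1], 'base64url'));
  if (typeof payload.exp !== 'number' || payload.exp <= now) throw new Error('jwt expired');
  return payload;
}

// Authentication never fails the request: a bad token leaves the caller
// anonymous and records the reason in req.authError.
function authenticate(req, now = Math.floor(Date.now() / 1000)) {
  req.user = null;
  req.authError = null;
  if (!req.token) return req;
  try { req.user = verify(req.token, now); } catch (err) { req.authError = err.message; }
  return req;
}

// Authorization is the only gate: it looks at req.user, never at whether
// a token was sent. 'articles' is a hypothetical public collection.
const PUBLIC_COLLECTIONS = new Set(['articles']);
function handle(req) {
  authenticate(req);
  const allowed = PUBLIC_COLLECTIONS.has(req.collection) || req.user !== null;
  return { status: allowed ? 200 : 401, authError: req.authError };
}
```

The property to preserve in review is that no handler treats the mere presence of a token as proof of identity: an expired or forged token must resolve to the same anonymous user as no token at all.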