Closed sinuraya closed 2 years ago
I already inclue a path in the ignore rule:
return new JwtAuthentication([ "secure" => true, "path" => "/", "ignore" => [ "/api/v1.0/notification", ... ], ]);
and then I call it with:
curl --location --request POST 'https://example.com/api/v1.0/notification' \ --header 'Timestamp: 2021-08-26T09:40:48.818Z' \ --header 'Content-Type: application/json' \ --data-raw '{ "id":"8888001256798654" }'
and it works as expected.
but when I call it with:
curl --location --request POST 'https://example.com/api/v1.0/notification' \ --header 'Timestamp: 2021-08-26T09:40:48.818Z' \ --header 'Content-Type: application/json' \ --header 'Authorization: Bearer KTfB234UfOhaaIHOg0AdcM9VgDt3L8LO57' \ --data-raw '{ "id":"8888001256798654" }'
then I got an error as if the endpoint get authenticated.
What I really need is a consistent behavior, that the midlleware will ignore the Authorization header when the endpoint is in the ignore list.
I found that this issue is not valid. I thought it is a strange behavior but I forgot that the request is passing through an API Gateway. Sorry for creating irrelevant issue. Thank you for the great library.
I already inclue a path in the ignore rule:
and then I call it with:
and it works as expected.
but when I call it with:
then I got an error as if the endpoint get authenticated.
What I really need is a consistent behavior, that the midlleware will ignore the Authorization header when the endpoint is in the ignore list.