Allow for dynamic unauthenticated/unauthorized responses #491
Comments
Hi @OperationalDev. Thanks for suggesting this feature. It sounds like an interesting use case to cover. I imagine that, in case multiple custom responses match (same priority, both blocks of
TBH I hadn't thought about that use case as I tend to always use priority, but to keep things consistent, I think it would make sense to make it behave the same way.
Current Issue
We have some services behind an authconfig that are used by both systems and users from a browser. When a user tries to access the services from their browser and is unauthenticated, we return a 302, similar to the example here: https://github.com/Kuadrant/authorino/blob/main/docs/user-guides/deny-with-redirect-to-login.md
However, when a system makes a call to the service, we don't want to give them back a 302; we want to be able to give them back a 401 instead.
At the moment we have this working by using response.unauthenticated to always return a 401, then using response.unauthorized to return a 302, and making user requests skip response.unauthenticated. This works well, but it makes it difficult to add authorization as well for other use cases.
Possible solutions
Having multiple response.unauthenticated/unauthenticated responses (similar to how we can have multiple authentication types) and then using priority and when to determine which ones are invoked.