You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I would like to use both - session based and JWT authorization method.
When I detect the BASIC auth header - I want to use TMVCBasicAuthenticationMiddleware ELSE
when I detect the BEARER auth header - I want to validate tokens
the flow of authorization is not quite clear for me. Even if I'm correctly logged-in using the basic auth, the JWT raises exception that JWT header not found. The code seems strange for me:
procedure TMVCBasicAuthenticationMiddleware.OnBeforeControllerAction(
AContext: TWebContext;
const AControllerQualifiedClassName, AActionName: string;
var AHandled: Boolean);
begin
....
if IsAuthorized then
AHandled := False -> is this correct? If we set AHandled = false the other authorization methods will be tried so JWT will fail
else
begin
if IsValid then
Send403Forbidden
else
begin
SendWWWAuthenticate;
end;
end;
end
When I changed it to AHandled := True, the login process is ok.
The text was updated successfully, but these errors were encountered:
I've got a similar issue, I need to be able to store the jwt in a session as some clients use a different endpoint to initially access my app, and so will never send an authorization header. I will create a new issue ticket though.
I would like to use both - session based and JWT authorization method.
When I detect the BASIC auth header - I want to use TMVCBasicAuthenticationMiddleware
ELSE
when I detect the BEARER auth header - I want to validate tokens
the flow of authorization is not quite clear for me. Even if I'm correctly logged-in using the basic auth, the JWT raises exception that JWT header not found. The code seems strange for me:
When I changed it to AHandled := True, the login process is ok.
The text was updated successfully, but these errors were encountered: