When running gcp-iap-auth in proxy mode, it would be great to let the traffic through, not giving a 401, in cases where the JWT can't be validated or doesn't exist. This will allow the backend application to provide guest content or a secondary login option.
In such cases, gcp-iap-auth should clear the bad JWT header, and also clear the email-header, etc., to prevent clients from spoofing the login. The backend can then trust the email-header to decide whether it is an authenticated request or an anonymous request.
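A sketch of the requested pass-through behaviour, added here as an illustration and not taken from gcp-iap-auth's code. The names `passThrough`, `verify` and `seenBy` and the header name `X-Auth-Email` are hypothetical; `X-Goog-IAP-JWT-Assertion` is the header in which IAP delivers its signed JWT, and the verifier and requests are constructed for the demo.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
)

const jwtHeader = "X-Goog-IAP-JWT-Assertion" // header carrying the IAP-signed JWT
const emailHeader = "X-Auth-Email"           // hypothetical name for the email header

// passThrough forwards every request; only a verified JWT may set emailHeader.
// verify is an assumed hook standing in for real IAP JWT validation.
func passThrough(verify func(string) (string, error), backend http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		token := r.Header.Get(jwtHeader)
		r.Header.Del(emailHeader) // never trust a client-supplied identity
		if email, err := verify(token); token != "" && err == nil && email != "" {
			r.Header.Set(emailHeader, email)
		} else {
			r.Header.Del(jwtHeader) // missing or bad JWT: forward as anonymous
		}
		backend.ServeHTTP(w, r)
	})
}

// seenBy sends a constructed request and returns "email|jwt" as the backend sees it.
func seenBy(jwt, spoofedEmail string) string {
	verify := func(t string) (string, error) { // constructed verifier for the demo
		if t != "valid-token" {
			return "", errors.New("invalid token")
		}
		return "alice@example.com", nil
	}
	got := ""
	backend := http.HandlerFunc(func(_ http.ResponseWriter, r *http.Request) {
		got = r.Header.Get(emailHeader) + "|" + r.Header.Get(jwtHeader)
	})
	req := httptest.NewRequest("GET", "/", nil)
	req.Header.Set(jwtHeader, jwt)
	req.Header.Set(emailHeader, spoofedEmail)
	passThrough(verify, backend).ServeHTTP(httptest.NewRecorder(), req)
	return got
}

func main() {
	fmt.Println(seenBy("valid-token", "mallory@example.com"), seenBy("forged", "mallory@example.com"))
}
```

The email header is deleted before verification on every request, so the backend sees a value there only when the proxy itself set it from a validated JWT.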