This repository has been archived by the owner on Dec 13, 2018. It is now read-only.
Fixed get user auth priority - first check cookie and then header for… #618
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
… authenticationRequired route
|
Hi Alex, can you tell me the use case for sending both the cookie and the header? Since this technically isn't part of the migration work I'm inclined to not change this current behavior, especially since we don't have a test for this case, thus I'm not sure who is depending on this current behavior. A workaround would be to put your own middleware in front of this, and remove the token that you don't want to use. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Migration from Stormpath to Okta:
When checking authenticationRequired route the resolvedAccessToken should take the access token from cookie first.
This scenario is happen when the request contains the cookies together with Auth Bearer and then the auth failed