Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Support JWT authorization without failing request upon validation failure #6180

Open
theJC opened this issue Oct 22, 2024 · 0 comments
Open

Support JWT authorization without failing request upon validation failure #6180

theJC opened this issue Oct 22, 2024 · 0 comments
Labels
raised by user

Comments

@theJC
Copy link
Contributor

theJC commented Oct 22, 2024
edited
Loading

Is your feature request related to a problem? Please describe.

Today, if a JWT is present but validation of the JWT fails, the router rejects the request.

We require when a JWT is present, that it be validated, but if that fails, allow the request to continue, but obviously the context apollo_authentication::JWT::claims should not be populated.

Describe the solution you'd like

A router configuration setting, allowing the the processing to continue even if JWT validation fails.

Perhaps a context value apollo_authentication::JWT::status to be provided to allow rhai/coprocessor to differentiate when no JWT was provided versus when a JWT could not be validated.

Describe alternatives you've considered

Having to write our own JWT processing code and not be able to leverage Router's built-in support

Additional context

Add any other context or screenshots about the feature request here.
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
raised by user
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@theJC