Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support JWT authorization without failing request upon validation failure #6180

Open
theJC opened this issue Oct 22, 2024 · 0 comments
Open

Comments

@theJC
Copy link
Contributor

theJC commented Oct 22, 2024

Is your feature request related to a problem? Please describe.

Today, if a JWT is present but validation of the JWT fails, the router rejects the request.

We require when a JWT is present, that it be validated, but if that fails, allow the request to continue, but obviously the context apollo_authentication::JWT::claims should not be populated.

Describe the solution you'd like

A router configuration setting, allowing the the processing to continue even if JWT validation fails.

Perhaps a context value apollo_authentication::JWT::status to be provided to allow rhai/coprocessor to differentiate when no JWT was provided versus when a JWT could not be validated.

Describe alternatives you've considered

Having to write our own JWT processing code and not be able to leverage Router's built-in support

Additional context

Add any other context or screenshots about the feature request here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

1 participant