This repository was archived by the owner on Feb 14, 2018. It is now read-only.
WWW-Authenticate header #43
Labels
Comments
|
@yeungda-rea: You are absolutely right. I think all we'd need to do is send back this response header: Would you agree? |
|
+1 |
|
I'm not sure what's going on over at auth0 preventing responsiveness, but I decided to fork nginx-jwt over here: https://github.com/platinummonkey/nginx-jwt I'm currently merging in a number of these issue fixes, and will be setting up CI as well. |
|
@platinummonkey yeah was tempted to do the same thing. 👍 |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
When requests are unauthorized, it might help clients understand what was wrong if
nginx-jwtwere to send back aWWW-Authenticateheader. This seems to be a pretty standard thing, and is mandatory for implementors of OAuth 2.0 Bearer tokens[1]. From the spec:Users of the nginx the nginx auth_basic module get this for free, and might be surprised that
nginx-jwtdoes not do this too.Thank you for
nginx-jwt![1] https://tools.ietf.org/html/rfc6750#section-3
The text was updated successfully, but these errors were encountered: