You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository was archived by the owner on Feb 14, 2018. It is now read-only.
When requests are unauthorized, it might help clients understand what was wrong if nginx-jwt were to send back a WWW-Authenticate header. This seems to be a pretty standard thing, and is mandatory for implementors of OAuth 2.0 Bearer tokens[1]. From the spec:
If the protected resource request does not include authentication
credentials or does not contain an access token that enables access
to the protected resource, the resource server MUST include the HTTP
"WWW-Authenticate" response header field
Users of the nginx the nginx auth_basic module get this for free, and might be surprised that nginx-jwt does not do this too.
I'm not sure what's going on over at auth0 preventing responsiveness, but I decided to fork nginx-jwt over here: https://github.com/platinummonkey/nginx-jwt I'm currently merging in a number of these issue fixes, and will be setting up CI as well.
When requests are unauthorized, it might help clients understand what was wrong if
nginx-jwt
were to send back aWWW-Authenticate
header. This seems to be a pretty standard thing, and is mandatory for implementors of OAuth 2.0 Bearer tokens[1]. From the spec:Users of the nginx the nginx auth_basic module get this for free, and might be surprised that
nginx-jwt
does not do this too.Thank you for
nginx-jwt
![1] https://tools.ietf.org/html/rfc6750#section-3
The text was updated successfully, but these errors were encountered: