You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'm wondering how can I make some controllers/actions public?
Currently after adding AuthenticationMiddleware all requests have to be authenticated. The only exception is for login url in FormAuthenticator. But there are some use cases like home page etc, where authentication is not necessary.
I know this plugin intends to decouple authorization from authentication but my use case takes place before authorization is even possible. I want to have actions not authenticated at all.
In AuthComponent we had allow() and deny() to control when authentication should take place. Now this feature is missing.
The text was updated successfully, but these errors were encountered:
For the future reference:
I thought that response fails if the authentication fails. But it doesn't. There's failed authentication result in $request->getAttribute('authenticationResult') and nothing more.
I'm wondering how can I make some controllers/actions public?
Currently after adding
AuthenticationMiddleware
all requests have to be authenticated. The only exception is for login url inFormAuthenticator
. But there are some use cases like home page etc, where authentication is not necessary.I know this plugin intends to decouple authorization from authentication but my use case takes place before authorization is even possible. I want to have actions not authenticated at all.
In
AuthComponent
we hadallow()
anddeny()
to control when authentication should take place. Now this feature is missing.The text was updated successfully, but these errors were encountered: