You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I based the need to specify an auth-scheme based on RFC2617 "HTTP Authentication: Basic and Digest Access Authentication" section 1.2. This RFC specifies that the credentials supplied in the Authorization header take the format
credentials = auth-scheme #auth-param
Based on my reading of the RFC it does not appear that the auth-scheme can be considered optional.
I'm going to close this with no action but if you can find documentation that states that the auth-scheme can be treated as optional I'll take another look.
I believe that it makes sense that if the auth type is not specified in the header then it should default to JWT.
The text was updated successfully, but these errors were encountered: