Open
Description
openedon Mar 5, 2020
In #41959 we added authRequired: 'optional'
which changed a request termination logic for the next 2 cases:
- redirect to IdP
- notHandled (no valid credentials)
From now, redirect
and notHandled
logic performed by the core, depending on the current authRequired value. That makes responseFactory excessive, and we should remove it to provide the only way to redirect/reject an incoming request via authToolkit.
Reject interface might look like:
return t.failed({
error: {...},
statusCode?: number,
responseHeaders: authenticationResult.authResponseHeaders,
});
to support cases when a request to Elasticsearch failed and we need to proxy an error to the client
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment