Hello BaseX Team,
I'm trying to implement a RESTXQ service that uses JWT tokens for
authorization and authentication.
For this purpose I use a permission check annotated function that
validates the token and returns a 401 response if the token is invalid
or missing.
declare %perm:check('/admin','{$perm}')function security:check-admin($perm)
{
let $token := $perm?authorization
where empty($token)
return <rest:response>
<http:response status='401'>
<http:header name='WWW-Authenticate' value='Bearer realm="c42"'/>
</http:response>
</rest:response>
};
When I call the endpoint without token I get the expected response but
the WWW-Authenticate header is different to the one that I have defined:
WWW-Authenticate Basic realm="BaseX"
Is there a way to override the BaseX provided header?
Thanks for your input.
Best regards
Johannes