Hello BaseX Team,

I'm trying to implement a RESTXQ service that uses JWT tokens for authorization and authentication. For this purpose I use a permission check annotated function that validates the token and returns a 401 response if the token is invalid or missing.

declare %perm:check('/admin', '{$perm}') function security:check-admin($perm)
{
   let $token := $perm?authorization
   where empty($token)
   return <rest:response>
      <http:response status='401'>
         <http:header name='WWW-Authenticate' value='Bearer realm="c42"'/>
      </http:response>
   </rest:response>
};

When I call the endpoint without a token, I get the expected response, but the WWW-Authenticate header is different from the one that I have defined:

WWW-Authenticate Basic realm="BaseX"

Is there a way to override the BaseX provided header?

Thanks for your input.

Best regards
Johannes
