Hi Michael, It seems there is a consensus for disabling the JWT feature OOTB and it makes sense after testing with Postman. Rest inline:
Le 22/01/2019 à 07:43, Michael Brohl a écrit :
2. the functionality to have a single sign on between two OFBiz instances will only be used in rare cases (I think). It is only designed for this special case and cannot be used for standard single sign on scenarios with other systems.
If we make this feature implicitly non-operational, what about showing it in example? I guess showing it should depend of the property which switch on/off the JWT feature.
3. if it is not used, it will still try to read the authorization header, key etc. *on every request*
Yes, that's not a problem it's only few ms (if even) as long as there is no JWT passed. Else all the other pre-processors would also be concerned... Jacques