cataglyphis commented on issue #10793:
URL: https://github.com/apache/apisix/issues/10793#issuecomment-1884140213

   It looks like I misunderstand the config of `unauth_action`; if there is no
authorization in the request headers, apisix always returns `401`
   
   ```lua
   local function introspect(ctx, conf)
       -- Extract token, maybe.
       local has_token, token, err = get_bearer_access_token(ctx)
   
       if err then
           return ngx.HTTP_BAD_REQUEST, err, nil, nil
       end
   
       if not has_token then
           -- Could not find token.
   
           if conf.bearer_only then
               -- Token strictly required in request.
               ngx.header["WWW-Authenticate"] = 'Bearer realm="' .. conf.realm .. '"'
               return ngx.HTTP_UNAUTHORIZED, "No bearer token found in request.", nil, nil
           else
               -- Return empty result.
               return nil, nil, nil, nil
           end
       end
   ```

