Issue with Anonymous access and 'Authorization' header on HCL Domino 12
There is a database which has anonymous access "Editor". Anonymous users can access one of the XPages REST API with "Authorization" header. This will have JWT token in the request header as mentioned below.
I read this Token on the server side and process. Recently we have upgraded our servers to Domino 12.0.1 from Domino 10 version. This API is not working and giving the login screen when we have "Authorization" Header. The anonymous access is not working for this page. If we remove the "Authorization" header from request, then anonymous access works.
I have checked the Domino configuration and not able to figure out why login screen coming. Some setting is checking the "Authorization" header and asking for login even though the anonymous access is "Editor".
I want to access this REST Api without login screen and should accept the "Authorization".
Domino 12 has native support for JTW authentication using an OIDC provider.
This means that the Authorization header is natively handled by the Domino 12 HTTP stack so that you (unfortunately) can not access the Authorization header in your custom code.
I suggest that you vote for this idea: https://domino-ideas.hcltechsw.com/ideas/DOMINO-I-2405.
- Meteor server api using iron router returns HTML not the response
- How to return global object from a Rocket REST API?
- How to map this Json with rest template spring boot
- Office 365 REST API - Creating a Contact gives me HTTPCode 400
- Guidance for writing a wrapper for a REST API
- PayPal REST API: Search by BUYER Transaction ID
- Django rest framework where to write complex logic in serializer.py or views.py?
- REST and spring-mvc
- Cookie in Thunder Client VS Code extension
- How to write a generic handler in Go?
- How to make a script to automate taking the GET data from my wordpress site and POST to another server
- How do you set a scenario when doing a restful call in Yii2 to return certain fields
- Spring - checking path variable for null at controller
- How to transform Model-View-Presenter architecture to WebAPI?
- Go file server doesn't serve folder
- How to use jti claim in a JWT
- Rewrite POST method on rest api yii2
- JFrog REST API to Export the X-ray SBOM report
- How can I get BizTalk to allow a large array in querystring for consuming a REST service?
- Why am i getting 405 Method Not Allowed while doing a POST Request
- Use CakePHP Http Client with Magento2 rest API search criteria
- API Key in path
- Trying to call rest APIs, but get http request exception
- Invoke-WebRequest, POST with parameters
- An established connection was aborted by the software in your host machine tomcat jackson
- Empty Form When Initializing from Rest API
- 404-not-found-while-running-spring-boot-rest-api
- Pass array as query parameter in Postman
- Where should the filtering logic be: in the frontend or in the backend?
- Can I get the company name/logo with the LinkedIn API?