What are the steps to reproduce this issue?
- Implement JWT configuration
- Authenticate and receive JWT token
- Attempt to GET /api/v1/echo/whoami/
What happens?
You will get an invalid or missing auth credentials response.
…
What were you expecting to happen?
It should execute the handler method.
…
Any other comments?
I would have assumed that passing along the JWT token would allow bypassing the secured annotation. However, I think for this to have the intended effect, you have to add the whoami() method to the cbsecurity firewall rules and remove the annotation.
What are the steps to reproduce this issue?
What happens?
You will get an invalid or missing auth credentials response.
…
What were you expecting to happen?
It should execute the handler method.
…
Any other comments?
I would have assumed that passing along the JWT token would allow bypassing the
securedannotation. However, I think for this to have the intended effect, you have to add thewhoami()method to the cbsecurity firewall rules and remove the annotation.