apollographql/router

Support JWT authorization without failing request upon validation failure

Opened this issue · 0 comments

Is your feature request related to a problem? Please describe.

Today, if a JWT is present but validation of the JWT fails, the router rejects the request.

We require that, when a JWT is present, it be validated, but if that fails, the request should be allowed to continue, though obviously the context apollo_authentication::JWT::claims should not be populated.

Describe the solution you'd like

A router configuration setting allowing the processing to continue even if JWT validation fails.

Perhaps a context value apollo_authentication::JWT::status could be provided to allow Rhai/coprocessor to differentiate when no JWT was provided versus when a JWT could not be validated.

Describe alternatives you've considered

Having to write our own JWT processing code and not being able to leverage Router's built-in support.

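A sketch of the behavior requested above, as an added example that is not router code: a JWT that fails validation produces a status but no claims, and the request is never rejected at this stage. The status values (`missing`, `valid`, `invalid`), the HS256-only verifier, the required `exp` claim and all function names are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

CLAIMS_KEY = "apollo_authentication::JWT::claims"  # context key named in the issue
STATUS_KEY = "apollo_authentication::JWT::status"  # key proposed in the issue; its values here are assumed

def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64url(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_hs256(claims, key):
    """Build a constructed HS256 token so the demo runs offline."""
    head = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64url(sig)}"

def verify_hs256(token, key, now):
    """Return the claims, or raise ValueError. Only HS256 is accepted."""
    head, body, sig = token.split(".")  # ValueError unless exactly three parts
    if json.loads(_unb64url(head)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64url(sig)):
        raise ValueError("bad signature")
    claims = json.loads(_unb64url(body))
    if claims.get("exp", 0) <= now:  # assumed policy: exp is mandatory
        raise ValueError("expired")
    return claims

def authenticate(headers, key, now=None):
    """Build the request context; validation failure never rejects the request."""
    now = time.time() if now is None else now
    value = headers.get("authorization", "")
    if not value:
        return {STATUS_KEY: "missing"}
    if not value.startswith("Bearer "):
        return {STATUS_KEY: "invalid"}
    try:
        claims = verify_hs256(value[len("Bearer "):], key, now)
    except (ValueError, AttributeError, TypeError):
        # Fail closed on claims: the key is absent, not empty or partial.
        return {STATUS_KEY: "invalid"}
    return {STATUS_KEY: "valid", CLAIMS_KEY: claims}
```

Downstream authorization logic should key off the status and the presence of the claims entry, so that an `invalid` request is handled at most like an unauthenticated one.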