Fix incorrect args and request method#421
Conversation
aaspinwall
left a comment
There was a problem hiding this comment.
Nice catch! We definitely should change get to post but I think we should split the difference and keep the authorization token on the post request. Since the header is getting requested and sent, it means it's not contained in the api store yet.
I think this needs some more investigation- Meaning, the backend is able to extract and validate the auth token, even if we don't pass it as an argument to I definitely prefer it being explicit (passing it to I'll look more closely at what's happening with |
|
@aaspinwall I've restored the header w/token. |
While investigating #407, I noticed that the API call to
auth/oidc/authenticatewas incorrect.POST.Removed unused headers.Side note:
I haven't looked into it, but I suspect that the headers are added by
oidc-client-tsand ourapi.call()function automatically includes the headers.The backend automatically extracts and uses the auth token from the headers via the
requireOIDCAuthmiddleware.