Hello BaseX Team,
I'm trying to implement a RESTXQ service that uses JWT tokens for authorization and authentication. For this purpose I use a permission check annotated function that validates the token and returns a 401 response if the token is invalid or missing.
declare %perm:check('/admin','{$perm}')function security:check-admin($perm) { let $token := $perm?authorization where empty($token) return rest:response <http:response status='401'> <http:header name='WWW-Authenticate' value='Bearer realm="c42"'/> </http:response> </rest:response> };
When I call the endpoint without token I get the expected response but the WWW-Authenticate header is different to the one that I have defined:
WWW-Authenticate Basic realm="BaseX"
Is there a way to override the BaseX provided header?
Thanks for your input.
Best regards Johannes