libs/common/oapi/services/auth.js

@@ -47,18 +47,27 @@ module.exports = function () {
           { error: err },
           "Allowing expired JWT for meta.auth-token scope"
         )
-        const req = reqCtx.get("req")
+        // Continue processing with expired JWT
-        const authTokenHeader = req?.headers?.["x-auth-token"]
+      } else {
-        if (!authTokenHeader) {
+        logger.error({ error: err }, "jwVerify failed")
-          return false
+        return false
-        }
-        // Create a session that indicates auth token processing is needed
-        const session = { isAuthTokenRequest: true, authToken: authTokenHeader }
-        reqCtx.set("session", session)
-        return true
       }
-      logger.error({ error: err }, "jwVerify failed")
+    }
-      return false
+
+    // For meta.auth-token scope, check for X-Auth-Token header
+    if (hasMetaAuthToken) {
+      const req = reqCtx.get("req")
+      console.log("req?.headers", req?.headers)
+      const authTokenHeader = req?.headers?.["x-auth-token"]
+
+      if (!authTokenHeader) {
+        return false
+      }
+
+      // Create a session that indicates auth token processing is needed
+      const session = { isAuthTokenRequest: true, authToken: authTokenHeader }
+      reqCtx.set("session", session)
+      return true
     }
 
     // Regular user JWT processing