Details
-
Bug
-
Resolution: Fixed
-
High
-
3.3.6
-
None
Description
Steps to reproduce
- Enable JWT (https://doc.ibexa.co/en/latest/guide/security/#jwt-authentication)
- Generate a new token
- Perform REST call that uses POST method (for instance: create content)
Result
An exception about missing permissions is thrown.
Root cause
By its nature JWT is stateless. LoginListener starts session and therefore the operation is executed as anonymous user.
Designs
Attachments
Issue Links
- relates to
-
EZEE-3331 Recommendation Client sends login notification even if user logged via API (REST / GraphQL)
- Closed