Per Request access policy with OAuth Client Subroutine
I have a per request policy with a URI that is protected with a OAuth Client Typically this works by using 302 redirect either to /my.policy and then 302 to the OAuth server to get a new token My problem is for ajax calls, I would like to send 401's previous request for this suggested this as an example when ACCESS_SESSION_STARTED { if { [HTTP::header "X-Requested-With" ] equals "XMLHttpRequest" } { ACCESS::respond 401 } } The problem is that the APM session exist and its on the pre request sub-session so this doesn't work. I was thinking I could look at the JWT valid till date and if its passed then I could respond a 401 code. But how do I get to pre request session data from a irule if I do it as a irule event from access profile can I send a respond 401 ? It would be good if I can configue the oauth client to send 401 and not do redirect's Any help would be appreciatedSolved1.4KViews0likes6Comments