This commit is contained in:
Owen
2026-07-08 21:44:20 -04:00
parent 67a3d226f5
commit 6d129c0738
+5 -2
View File
@@ -736,11 +736,14 @@ export async function verifyResourceSession(
} }
} }
// If headerAuthExtendedCompatibility is activated but no clientHeaderAuth provided, force client to challenge // If headerAuthExtendedCompatibility is activated but no clientHeaderAuth provided, force client to challenge.
// Skip the challenge when SSO is also enabled so browsers get the SSO redirect instead of a native Basic
// Auth dialog; clients that proactively send Authorization: Basic are still accepted above.
if ( if (
headerAuthExtendedCompatibility && headerAuthExtendedCompatibility &&
headerAuthExtendedCompatibility.extendedCompatibilityIsActivated && headerAuthExtendedCompatibility.extendedCompatibilityIsActivated &&
!clientHeaderAuth !clientHeaderAuth &&
!sso
) { ) {
return headerAuthChallenged(res, redirectPath, resource.orgId); return headerAuthChallenged(res, redirectPath, resource.orgId);
} }