main bear
I have an auth and resource server talking to each other more or less OK but with my first custom API endpoint exposed, I'm having trouble detecting an unauthenticated token error from the resource server consistently
Auth server has an api route somewhat like the following:
Route::get('/verify', function (){
// token is good
return response()->json(['message' => 'Success']);
})->middleware('auth:api'); // token is goodn't
The POST oauth/authorize endpoint is working fine and (while this is likely overkill) I immediately try to hit the endpoint above to ensure the signature is good, etc but what instead of a 401 with maybe a JSON token containing a message or something as I'd expect such middleware to return, I get an HTML response of the login page
I get why you would want such a thing for oauth/authorize but is that true of api middleware as well and, if so, is there a more elegant way to check for an "unauthenticated" failure than checking the Content-Type?
sturdy bronze