Consider changing the order of your filters if you want the access token to take precedence.
On Sun, Oct 27, 2024 at 2:35 PM <[email protected]> wrote: > Yes, if I use a private browser window it works with the openapi-ui, but > then much like the other way around, the browser is "poisoned" and if I > attempt to go to the rest of the web application I just get a 401 and it > never sends me to the login page because it's going through the token > flow. I guess in a way this is Firefox's fault, but this doesn't seem like > that crazy of a scenario for an application. I assume I'm doing something > stupid :) > > We have 3 realms, one is form based, one is certificate based and now one > is token based. Is there a way that I've missed to limit certain URLs in > the shiro.ini to certain realms? > On 10/24/2024 2:51 PM, Francois Papon wrote: > > Hi, > > May be it's related to cookie or cache. Did you try to use the openapi-ui > with an private or incognito browser tab? > > regards, > > François > >
