Tommaso Borgato created WFWIP-370:
-------------------------------------
Summary: JWT Cookie: wrong HTTP code with wrong cookie name
Key: WFWIP-370
URL: https://issues.redhat.com/browse/WFWIP-370
Project: WildFly WIP
Issue Type: Bug
Components: MP JWT
Reporter: Tommaso Borgato
Assignee: Darran Lofthouse
[MP JWT 1.2|https://issues.redhat.com/browse/EAP7-1596] introduces the option of sending the JWT as a cookie;
When the application's {{microprofile-config.properties}} is configured as follows:
{noformat}
mp.jwt.token.header=Cookie
mp.jwt.token.cookie=jws-correct-cookie
{noformat}
And the request sends the JWT in a cookie named {{jws-wrong-cookie}}, we'd expect a
401 HTTP code, since authentication cannot happen;
Instead, the HTTP return code is 403 which means the request was authenticated but not
authorized;
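Added example, not part of the original report and not WildFly code: a small Python model of the status mapping the report expects, usable as a reference when writing a regression check. The function names, the placeholder token and the `verify` stand-in are assumptions; only the two configuration keys and the cookie names come from the report.

```python
from http.cookies import SimpleCookie

# Constructed sample data: the report's configuration and a fake token store.
CONFIG = "mp.jwt.token.header=Cookie\nmp.jwt.token.cookie=jws-correct-cookie\n"
TOKEN = "aaa.bbb.ccc"                      # placeholder, not a real JWT
KNOWN_TOKENS = {TOKEN: {"user"}}           # token -> groups it carries

def load_config(text):
    """Parse key=value lines; defaults are the MP JWT 1.2 defaults."""
    cfg = {"mp.jwt.token.header": "Authorization", "mp.jwt.token.cookie": "Bearer"}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            cfg[key.strip()] = value.strip()
    return cfg

def extract_token(cfg, headers):
    """Return the token from the configured location only, else None."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    if cfg["mp.jwt.token.header"] == "Cookie":
        jar = SimpleCookie()
        jar.load(hdrs.get("cookie", ""))
        morsel = jar.get(cfg["mp.jwt.token.cookie"])
        return morsel.value if morsel is not None and morsel.value else None
    scheme, _, token = hdrs.get("authorization", "").partition(" ")
    if scheme.lower() == "bearer" and token.strip():
        return token.strip()
    return None

def verify(token):
    """Stand-in for signature and claim validation: groups, or None if invalid."""
    return KNOWN_TOKENS.get(token)

def expected_status(cfg, headers, required_group):
    token = extract_token(cfg, headers)
    if token is None:
        return 401          # no credential where the config says to look
    groups = verify(token)
    if groups is None:
        return 401          # credential present but not valid
    if required_group not in groups:
        return 403          # authenticated caller lacks the required group
    return 200
```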