Observed behavior
I seem to have noticed that when enabling Auth Callout, it seems to pass all users to it, even if they should have been authenticated via another means, such as username/password, token or client certificate.
Is there a reason why this happens? To me this feels like a defect. Auth Callout should just be one way of authenticating and likely a fallback when no other user matches.
This is a blocker for me as I use Client Certificates to authenticate my backend services, which is entirely handled via mTLS, but I use Auth Callout via Websocket, which is then authenticated using my identity platform, for external clients.
Unless I'm missing something, this should be a feature of NATS Authentication and seems like a fairly easy solution.
Expected behavior
Clients should be able to authenticate with NATS with whatever is defined in the NATS config.
Server and client version
latest
Host environment
No response
Steps to reproduce
No response
Observed behavior
I seem to have noticed that when enabling Auth Callout, it seems to pass all users to it, even if they should have been authenticated via another means, such as username/password, token or client certificate.
Is there a reason why this happens? To me this feels like a defect. Auth Callout should just be one way of authenticating and likely a fallback when no other user matches.
This is a blocker for me as I use Client Certificates to authenticate my backend services, which is entirely handled via mTLS, but I use Auth Callout via Websocket, which is then authenticated using my identity platform, for external clients.
Unless I'm missing something, this should be a feature of NATS Authentication and seems like a fairly easy solution.
Expected behavior
Clients should be able to authenticate with NATS with whatever is defined in the NATS config.
Server and client version
latest
Host environment
No response
Steps to reproduce
No response