The "/jsonrpc" route (jsonrpc.handler) requires _auth: ['basic_auth', 'oauth2']
This is problematic when trying to login with a passkey as no auth is available at the time.
For now I've just copied the jsonrpc.handler route definition into my own module, given it a new path and removed the _auth with is great for my local testing and development - but not so good for production.
Am I missing anything obvious (I really feel like I might be)?
I have checked both "login by passkey" and "use jsonrpc services" permissions for both authenticated and anonymous users.
Try to call either user.request_options or user.authenticate_request via /jsonrpc with basic auth or oauth.
I don't think calls to any of the plugins provided by this module should require either basic auth or oauth.
Active
1.0
Documentation
This seems to be a major bug.
I am using cookie auth with JSON:RPC (which is not officially supported, via ✨ Support for cookie auth? Postponed ) on my project to build this module, which for some reason doesn't have this problem.
As you suggest, we should probably disable the auth checks in JSON-RPC.