The annotation value require-whisk-auth: false on a web action leads the controller to reject the web action invocation.
The controller should handle the case of the annotation being set to boolean false as not requiring authentication rather than reject the call.
So this is the case where require-whisk-auth annotation is specified but the value is false.
I think it has not been noticed because if the annotation does not exist, it passes the authentication.
So anyone who does not require any authentication, they just skip configuring the annotation rather than set it explicitly.
But it looks clearly a bug.
@rabbah @style95 I think this task just requires one more case to be added
case JsFalse | JsBoolean(false) => true
If so, Can I please pick this issue?
@nitikagarw looks right - also will need a test.
Thank you for the contribution.
Thanks @nitikagarw for the contribution!