I am using a service user to subscribe/publish events using the WS API. However, it seems that a service user is considered “annonymous” and only has access to public assets.
In the logs I see: “Only public access allowed for anonymous requests”
Am I doing something wrong or is this expected behavior? Is there anyway I can workaround this?
You need to provide a Bearer authroization header when initially connecting to the websocket endpoint; the manager UI uses the websocket API so if you look in the network tab of your browser’s developer console you’ll be able to see what I mean.
“The realm of the authenticating user must also be included as an Auth-Realm query parameter.”
“Auth-” is still there.
Instead of {Bearer accessToken}, I think it would be slightly more correct and less confusing to put Bearer%20{accessToken}. “%20” is how a space is translated in a URL.