Ever since we switched to Okta authorization, requests need an authorization bearer header with an authorization token in order to authorize successfully. However, we have a few download links on the page using anchor tags, and clicking on these links now produces an authorization failure error message:
<Error>
<Message>Authorization has been denied for this request.</Message>
</Error>
This was not happening before we switched to Okta, so I wonder if there is anything we can do about this. Can we pass the authorization bearer header to the anchor link somehow? Or do we have to create a backend to process the download link and send XHR with the authorization header instead?
This is Andrew from the Dev Support team. Would you be able to provide us with more context, e.g. are you using one of our SDKs? If so, which one, and what is the use case that you are trying to achieve?
We are using the @okta/okta-auth-js SDK, if this is what you were asking for. In general, users are authorized on each request by sending a JWT bearer header with an access token to the server. We just have a file upload system where our users can upload files and also view/download the files they have uploaded. Right now it works fine for them to upload files, but file download does not work as intended: clicking on the anchor link Download will result in the above Authorization denied error.
We were wondering if it is possible to bypass the authorization check for file download (the user is already authorized if he/she can access the page), or whether we have to send an AJAX request with JWT bearer and access token to authorize file download. Thanks.
@andrew1 Do you have any answers to this? We just want the file download to bypass the authorization header requirement; otherwise every download link has to be done via an AJAX request to send the access token as a bearer header to the server.
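
The AJAX route described in the posts above, as an added example that is not part of the original thread: the click on a download link is intercepted, the file is fetched with the Authorization: Bearer header, and the response is saved through a temporary object URL. The data-protected-download attribute, apiOrigin, getToken, fetchImpl and the oktaAuth variable are assumptions made for the example.

```javascript
// Added example; apiOrigin, getToken, fetchImpl, data-protected-download are hypothetical names.
// Pull a filename out of Content-Disposition, preferring the RFC 5987 form.
function filenameFromDisposition(header, fallback) {
  if (!header) return fallback;
  const star = /filename\*=UTF-8''([^;]+)/i.exec(header);
  if (star) return decodeURIComponent(star[1]);
  const plain = /filename="?([^";]+)"?/i.exec(header);
  return plain ? plain[1].trim() : fallback;
}

// The access token is only ever attached to requests for our own API origin.
function isTrustedDownloadUrl(url, apiOrigin) {
  try { return new URL(url, apiOrigin).origin === apiOrigin; } catch { return false; }
}

// Fetch the file with the bearer header instead of letting the anchor navigate.
async function fetchProtectedFile(url, { apiOrigin, getToken, fetchImpl = fetch }) {
  if (!isTrustedDownloadUrl(url, apiOrigin)) throw new Error(`untrusted download URL: ${url}`);
  const token = await getToken();
  if (!token) throw new Error('no access token; sign-in required');
  const res = await fetchImpl(new URL(url, apiOrigin).href, {
    headers: { Authorization: `Bearer ${token}` },
  });
  if (!res.ok) throw new Error(`download failed: HTTP ${res.status}`);
  const name = filenameFromDisposition(res.headers.get('Content-Disposition'), 'download');
  return { name, blob: await res.blob() };
}

// Browser only: hand the fetched bytes to the user through a temporary object URL.
function saveBlob({ name, blob }) {
  const href = URL.createObjectURL(blob);
  const a = Object.assign(document.createElement('a'), { href, download: name });
  document.body.appendChild(a);
  a.click();
  a.remove();
  URL.revokeObjectURL(href);
}

// Browser only: intercept <a data-protected-download href="...">; `oktaAuth` is assumed to be the page's configured OktaAuth instance.
if (typeof document !== 'undefined') {
  document.addEventListener('click', (event) => {
    const link = event.target.closest('a[data-protected-download]');
    if (!link) return;
    event.preventDefault();
    fetchProtectedFile(link.getAttribute('href'), {
      apiOrigin: window.location.origin, getToken: () => oktaAuth.getAccessToken(),
    }).then(saveBlob).catch((err) => console.error(err.message));
  });
}
```

Sending the token in the header rather than appending it to the link's query string keeps it out of browser history and server access logs.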