So that a browser would show the login page if no authentication is provided, but the backend would accept calls with a valid bearer token header as well.
Is that possible? If so, how?
We have several kubernetes services in the same namespace behind an ingress and annotated the ingress with
ingress.bluemix.net/appid-auth: "bindSecret=binding-appidname namespace=somenamespace requestType=api serviceName=service-a"
requestType=web will work too, but requestType=api,web does not work, neither does adding the annotation twice with the respective request types.
The AppId Documentation (https://console.bluemix.net/docs/services/appid/tutorial-kubernetes-auth.html) states in the descriptino of "serviceName": To use multiple request types in the same cluster, configure an instance of App ID to use web and another to use api., so I got the impression it should be possible to use both at the same time.
You can protect multiple services with different requestTypes in the same namespace using Ingress annotation. The syntax is:
ingress.bluemix.net/appid-auth: "bindSecret=binding-appid-01 requestType=web serviceName=service1;bindSecret=binding-appid-01 requestType=api serviceName=service2;bindSecret=binding-appid-02 requestType=web serviceName=service3;"