Hi folks! Just trying confirm my understanding of how Service Tokens work, with regard to headers.
I had assumed that a valid service token would result in a JWT being added in the form of a cookie, as stated in the docs, but also in the
cf-access-jwt-assertion header, as with other flows. But I think I'm seeing that the header isn't added in this case. Is that true?
Thanks!1 Reply
Actually managed to test a bit more clearly and I think both might be added as expected. I'll mark this as answered but if I'm wrong please let me know. Cheers!