Can't skipAuthorization for JSON view

I’ve created a simple serialized JSON response based on the Cookbook example. Works fine, but only if the user is logged in. Otherwise I’m redirected to the login page. I have skipAuthorization() present in my controller just like with some of my other views.

I’m guessing there’s something simple I’m overlooking to allow a public JSON view? Thanks.

    public function allnets()
    {
        $this->Authorization->skipAuthorization();

        $allNets = $this->Nets->find()->contain(['Times']);

        $this->set('allNets', $allNets);
        $this->viewBuilder()->setClassName("Json");
        $this->viewBuilder()->setOption('serialize', ['allNets']);
    }

skip authorization means that you still need to be logged in but there are not “Role checks” aka policy checks applied

Are you sure you are not mixing up authorization and authentication?

1 Like

Yes, good call. I conflate the two all the time. Adding unauthenticated actions to the controller was the solution. Thanks!

public function beforeFilter(\Cake\Event\EventInterface $event)
{
    parent::beforeFilter($event);
    $this->Authentication->addUnauthenticatedActions(['action1', 'action2']);
}

Do auth allow in before filter

    public function beforeFilter(\Cake\Event\EventInterface $event)
    {

        parent::beforeFilter($event);

        $this->Auth->allow(['allnets');

    }

@yogeshsaroya The Auth component is not the same as the new Authentication & Authorization Plugins

So please don’t mix them up

@KevinPfeifer

He wanted to view JSON as public. so why not allow in auth to use without login ?
Please advice

Your mentioned code

    public function beforeFilter(\Cake\Event\EventInterface $event)
    {

        parent::beforeFilter($event);

        $this->Auth->allow(['allnets');

    }

uses the OLD Auth Component (see HERE)

This is NOT the same as what the original questions was referencing with

    public function allnets()
    {
        $this->Authorization->skipAuthorization();

        $allNets = $this->Nets->find()->contain(['Times']);

        $this->set('allNets', $allNets);
        $this->viewBuilder()->setClassName("Json");
        $this->viewBuilder()->setOption('serialize', ['allNets']);
    }

Where the NEW Authentication & Authorization Plugins are used.

See Migration from the AuthComponent - 2.x on how to migrate from the old AuthComponent ($this->Auth) to the new authentication plugins ($this->Authentication)