- // If a Authorization header was provided, never consider session as a fallback.
- const authorizationHeader = req.getHeader(Enum.Header.Authorization);
- if (authorizationHeader) {
- if (await this.isValidAuthorization(authorizationHeader, ctx)) {
- this.logger.debug(_scope, 'valid authorization', { ctx, sessionAlsoValid });
+ try {
+ // If a Authorization header was provided, never consider session as a fallback.
+ const authorizationHeader = req.getHeader(Enum.Header.Authorization);
+ if (authorizationHeader) {
+ if (await this.isValidAuthorization(authorizationHeader, ctx)) {
+ this.logger.debug(_scope, 'valid authorization', { ctx, sessionAlsoValid });
+ return true;
+ }
+ } else if (sessionAlsoValid
+ && await this.sessionCheck(req, res, ctx, undefined, false, false)) {
+ this.logger.debug(_scope, 'valid session', { ctx, sessionAlsoValid });