01-28-2026, 11:44 PM
Hi Robert, IntraWeb’s built-in authentication is pretty tightly coupled to Basic auth, so there isn’t a simple switch to enable Bearer out of the box. The usual approach is to disable IntraWeb’s authentication and handle it yourself at the request level. You can read the Authorization header in an OnBeforeDispatch or OnRequest event, parse the Bearer token manually, validate it, and then decide whether to allow the request to continue. That way you’re free to support Bearer, JWT, or even multiple schemes at once, while still using IntraWeb as the web server.