Base Distribution - Work Package #45088: Improved REST support
Support for "sessionless authentication"
Currently Flow relies on a session to be active in at least three places:
\TYPO3\Flow\Security\Context::setInterceptedRequest()if an entryPoint is defined. Setting the intercepted request starts a session. This can be worked around by avoiding entryPoint or using requestPatterns to limit them only to certain parts of an application that allow sessions. #45100 might also be a solution for that
authenticatedTokensignal after successful authentication which is configured to call
\TYPO3\Flow\Security\Authentication\AuthenticationProviderManager::isAuthenticated()returns FALSE if no session was started/can be resumed