In my WebCore App the process runs for the first page without the user logged in. As a result the JWT is not appended to the Request in TXDataWebConnection and all is well with the world.
However once the user is logged in the JWT is attached to the Request. Now the call to http://localhost:2024/AlphaServer/$model fails as Unauthorized (401). Seems strange that the world and his wife can access the model, but not a logged in user.
I thought it might be the length of the signing key as mentioned in Demo "music" does not work for me - BIZ / TMS XData - TMS Support Center (tmssoftware.com) but I'd have thought a GUID like 38B91F81-09C0-4329-9DAF-68FC4BC4AFF3 would be long enough? I did try making it longer, but no joy.
What else must the JWT contain to allow access?