My team is using the auth0-angular npm package, using the AuthService to do our authentication for users, and have an HTTP interceptor configured to send the Authorization header along to our backend, which is doing JWT checks and so requires it. As long as we assume the user can sign in, we have no issues with our architecture.
Is it possible, though, or even best practice, to provide a public option in which the user doesn’t need to sign up or sign in? When we try to not authenticate automatically, the AuthService continues to try anyway if we inject it anywhere. Can a JWT-locked API work without that user information?
Thanks in advance!