Endpoint access control not working?

I tried changing access control of a GET endpoint, but it doesn’t seem to work.
A user in a group that is not defined in the Group field, still get access.

To add further information, this endpoint has the reply type set to an experience page.
Maybe it has to be a “no static reply (use experience workflow to reply)” type to work?

@Lars_Andersson,

Unfortunately, I can’t reproduce this on my end.

However, there is an “Authorized Reply Type” and an “Unauthorized Reply Type” Could you confirm that you have the correct behavior there?

Also, can you send a screenshot of your route configuration?

I think I do.
will send screenshot as a PM

@Lars_Andersson,

So, what should happen is, if a user is not apart of the groups you defined, and tries to access /DSO, it should redirect to /login.

What behavior are you seeing?

That’s what I was hoping it would do, but it’s taking me to the experience page anyway.

Correction, it does not take me to that experience page, instead it takes me to the Home page

@Lars_Andersson,

What is the URL of your home page?

midmark.iotdiag.com
do I need to create a user for you to test?

@Lars_Andersson,

Yes, please do. Can you DM me with the credentials of the user?

I can’t seem to find how to send a DM

@Lars_Andersson,

No worries, I think may have what’s going on.

You’re route is redirecting to /login when unauthorized. However, after redirecting to /login, what happens?

Would you happen to be redirecting a user trying to access /login to / if they are authorized?

Yes, I think that’s what happening.

By the Way, I found how to send a DM, but it told me you are not accepting messages at this time.