[Question] Authorization (.NET 8 template)

[jochem4207]

Hello,

This is purely a question, there doesn't seem to be any other way to ask them so thats why I created a bug report.

Question Is there a reason why only the GetTodosQuery has the [Authorize] Attribute? To me it seems that the entire controller or All todo interactions should be locked? For me it feels if the user would use a direct uri to /todo/{id} it would work (cause the ExportTodosQuery is not marked with an [Authorize] but the /todo is authorized. So it looks weird.

Is this purely because its a demo to show that some actions are authorized and some not? Does the front-end automatically pickup on this?

Thank you a lot for this template!