Not logged in user gets 200 response, how to get 403

I have a mobile project as the front end for a node.js Wappler back end.

I have the security, log in and restrictions working on the back end but I want to have a page load in my app and if the user is not logged in, redirect to the login form.

Followed the tutorials and created everything which seems to be working but when I try to load a list of products (when not logged in) that should NOT work as it is restricted with a security provider, I get a 200 response with -
{“identity”:false,“query”:}
I thought it would return forbidden or 403 so I can redirect the user to the login.
the same happens if it access the api directly in my browser.
Do I need to specify this in my API steps?

Community Page
Last updated: