So I am using the example provided and noticed I can do a GET request on the '/user' endpoint without being logged in. To my understanding this should not happen because the check() middleware function is being called. This is the endpoint in the app:

```js
app.get('/user', oidc.check(), function(req, res, next){
  res.send('<h1>User Page</h1><div><a href="/client">See registered clients of user</a></div>');
});
```

Upon further investigation, it appears that the check() function is calling next() if no arguments are passed. The issue starts on line 1022:

```js
if(!scopes.length) { next(); }
```

If the if/else statement is removed, everything seems to work fine. If this is not an issue, or I am just not understanding properly, please let me know.
EDIT: I am continuing to work on this code and have now realized that what I mentioned above as a fix probably is not a good solution. However, inside the check() function the 'loggedIn' policy is set to false:

```js
self.use({policies: {loggedIn: false}, models:['access', 'auth']})
```

The documentation mentions the function is used to check if the user is logged in. Is setting this to true the correct answer?
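
Added example, not part of the original issue and not the library's code: a self-contained sketch of the pattern the post describes, where a scope-checking middleware that returns early on an empty scope list lets an anonymous request through, next to a variant that checks the login first. The function names, the `req.session.user` shape, the status codes and the sample sessions are assumptions made for illustration.

```javascript
// Hypothetical middleware, constructed for illustration.
// Assumption: an authenticated request carries req.session.user with a scopes array.

// Fail-open: with no scopes requested it calls next() before any login check.
function checkFailOpen(...scopes) {
  return function (req, res, next) {
    if (!scopes.length) { return next(); }
    const user = req.session && req.session.user;
    if (!user) { return res.status(401).send('login required'); }
    const missing = scopes.filter((s) => !user.scopes.includes(s));
    if (missing.length) { return res.status(403).send('missing scope: ' + missing.join(' ')); }
    next();
  };
}

// Fail-closed: the login check runs first, so check() with no scopes
// still means "must be logged in".
function checkFailClosed(...scopes) {
  return function (req, res, next) {
    const user = req.session && req.session.user;
    if (!user) { return res.status(401).send('login required'); }
    const missing = scopes.filter((s) => !user.scopes.includes(s));
    if (missing.length) { return res.status(403).send('missing scope: ' + missing.join(' ')); }
    next();
  };
}

// Minimal stand-in for Express so the sketch runs without dependencies.
// Returns the HTTP status the middleware produced (200 if next() was reached).
function run(middleware, session) {
  let status = null;
  const res = {
    status(code) { status = code; return this; },
    send() { return this; },
  };
  middleware({ session }, res, () => { status = 200; });
  return status;
}

// Constructed sample sessions.
const anonymous = undefined;
const alice = { user: { id: 'alice', scopes: ['openid', 'profile'] } };

console.log('fail-open,   anonymous, no scopes:', run(checkFailOpen(), anonymous));
console.log('fail-closed, anonymous, no scopes:', run(checkFailClosed(), anonymous));
console.log('fail-closed, alice, no scopes    :', run(checkFailClosed(), alice));
console.log('fail-closed, alice, scope "admin":', run(checkFailClosed('admin'), alice));
```

A route test that requests each protected endpoint without a session and expects a 401 catches this class of behaviour regardless of how the middleware is implemented.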