Friend workflow for JWT

[Jonathon McKitrick]

Here's my workflow:

(defn workflow-jwt-signed
  [& {:keys [credential-fn] :as jwt-config}]
  (fn [{{:strs [authorization]} :headers :as request}]
    (when (and authorization (re-matches #"\s*Bearer\s+(.+)" authorization))
      (println "Found auth" authorization)
      (if-let [claims (try (-> (re-matches #"\s*Bearer\s+(.+)" authorization)
                               second
                               pts/get-jwt-token-from-string
                               (get-in [:claims]))
                           (catch Exception e
                             (println
                              "Invalid Authorization header for JWT auth: "
                              authorization)
                             #_(.printStackTrace e)))]
        (if-let [user-record ((cemerick.friend.util/gets
                               :credential-fn jwt-config
                               (::friend/auth-config request))
                              ^{::friend/workflow :jwt}
                              claims)]
          (workflows/make-auth user-record
                               {::friend/redirect-on-auth? false
                                ::friend/ensure-session false})
          (http-jwt-deny request))
        {:status 400
         :body "Malformed Authorization header for JWT authentication."}))))

But here's the problem: when the AJAX call protected by this workflow fails because the user is not logged in, it returns a login page.  I want it to return nil or something similar.  Does anyone know how to force such behavior when authentication fails?