At this line https://github.com/zfcampus/zf-apigility/blob/master/src/MvcAuth/UnauthorizedListener.php#L27 of code throw “403, ‘Forbidden’” for non-rest/non-rpc controllers but it was planed to be applicable only for rest/rpc controllers.
At this line https://github.com/zfcampus/zf-mvc-auth/blob/master/src/Authentication/DefaultAuthenticationListener.php#L173 of code is set ‘ZF\MvcAuth\Identity’ which is getted only in RestController here https://github.com/zfcampus/zf-rest/blob/master/src/RestController.php#L855 .
I am trying to add authentication adapter as I’ve describe here How to add authentication adapter to controller? .