override unauthorized 400 to 401 #175
prashantpandeygit wants to merge 5 commits into openclimatefix:main from
@peterdudfield I have made the override, it will show 401 (unauthorized) instead of 400, but will have the description of 401, so either we could keep it to show the correct description or replace the text with "unauthorized access attempt" and below it log the error, whatever you prefer. Hope this helps, thanks!
| claims = await validator_dependency(request) | ||
| except HTTPException as e: | ||
| if e.status_code == 400: | ||
| raise HTTPException(status_code=401, detail=e.detail) from e |
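Review bot: the `if e.status_code == 400:` branch rewrites every 400 from `validator_dependency` to 401, whatever its cause, and the re-raised `HTTPException(status_code=401, detail=e.detail)` drops any headers carried by the original exception. Narrow the condition to the error that actually means a missing or invalid credential, and pass `headers=e.headers` (or set `WWW-Authenticate: Bearer`) so the 401 carries the challenge header that HTTP requires for that status. The visible lines also do not show what happens to an `HTTPException` with any other status code; the `except` block should end with a bare `raise` so those are not swallowed.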
Shouldn't we be raising 403 for unauthorized?
Is there a way to see the e error message? And only raise 403 if it's an unauthorized error, but not other ones
I did 401 as it was done previously with the pyjwt lib, but I will change it to 403 only for unauthorized
| if ( | ||
| e.status_code == 400 and | ||
| isinstance(e.detail, dict) and | ||
| e.detail.get("error") == "invalid_request" |
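Review bot: the `e.detail.get("error") == "invalid_request"` test keys the status mapping to a string taken from the library's internals, which the thread says is undocumented. In RFC 6750 `invalid_request` also covers malformed requests (for example a repeated parameter or more than one method of sending the token), not only a missing token, so confirm the library never uses it for those cases. Add tests that send no token and an invalid token and assert the final status code, and pin the library version, so an upstream change to the error code shows up as a test failure instead of a silent return to 400.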
Does invalid_request appear if and only if the user is not authenticated?
Yes, only when not authenticated, or missing token (I checked in the library code itself in the venv, as there are no docs for this)
Pull Request
Description
Convert Auth0 400 Bad Request to 401 Unauthorized, as the auth0-fastapi-api library returns error 400 by default for any kind of auth failure. Changed the 400s to 401 as it was done before #170 with pyjwt.
Fixes #173