From c5239533eb21684d6bc6c89e9c7072c93386aee4 Mon Sep 17 00:00:00 2001
From: prashantpandeygit
Date: Fri, 9 Jan 2026 17:46:23 +0530
Subject: [PATCH 1/3] override unauthorized 400 to 401
---
 src/quartz_api/internal/middleware/auth.py | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/src/quartz_api/internal/middleware/auth.py b/src/quartz_api/internal/middleware/auth.py
index 95045fc..b42acf5 100644
--- a/src/quartz_api/internal/middleware/auth.py
+++ b/src/quartz_api/internal/middleware/auth.py
@@ -69,6 +69,9 @@ async def _proxy_dependency(
 try:
 claims = await validator_dependency(request)
 except HTTPException as e:
+ if e.status_code == 400:
+ raise HTTPException(status_code=401, detail=e.detail) from e
+
 if e.status_code == 403:
 log.info(f"Unauthorized access attempt: {e.detail}")

From 9ec716ef951603f44acdce1b69c72fa450e367e4 Mon Sep 17 00:00:00 2001
From: prashantpandeygit
Date: Fri, 9 Jan 2026 20:37:35 +0530
Subject: [PATCH 2/3] unauthorized from auth0 to raise 403
---
 src/quartz_api/internal/middleware/auth.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/quartz_api/internal/middleware/auth.py b/src/quartz_api/internal/middleware/auth.py
index 8f98b99..fdfe7da 100644
--- a/src/quartz_api/internal/middleware/auth.py
+++ b/src/quartz_api/internal/middleware/auth.py
@@ -70,7 +70,9 @@ async def _proxy_dependency(
 claims = await validator_dependency(request)
 except HTTPException as e:
 if e.status_code == 400:
- raise HTTPException(status_code=401, detail=e.detail) from e
+ # override to 403 if its an Auth0 invalid_request error
+ if isinstance(e.detail, dict) and e.detail.get("error") == "invalid_request":
+ raise HTTPException(status_code=403, detail=e.detail) from e

 if e.status_code == 403:
 log.info(f"Unauthorized access attempt: {e.detail}")
From 69eb5f0af40c8404b1734407b5991d63628992ec Mon Sep 17 00:00:00 2001
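Review bot: The re-raise `raise HTTPException(status_code=401, detail=e.detail) from e` in patch 1/3 copies only the detail, so any headers the validator attached to its exception are dropped on the way out. For a 401 that matters, because clients read `WWW-Authenticate` to learn which scheme and error the server expects. If this is the FastAPI/Starlette `HTTPException`, carrying them over is one argument: `raise HTTPException(status_code=401, detail=e.detail, headers=e.headers) from e`. The 403 re-raise in patches 2/3 and 3/3 is built the same way. `_proxy_dependency` starts and ends outside the hunk, so later handling of `e` is not visible here.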
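Review bot: In patch 2/3 the new 403 is raised before the existing `if e.status_code == 403:` branch is reached, so requests rejected as `invalid_request` never produce the `Unauthorized access attempt` log line that other 403s get. Anyone alerting or counting on that message will not see these rejections. Logging before the re-raise closes the gap, e.g. `log.info(f"Unauthorized access attempt: {e.detail}")` directly above the `raise`; patch 3/3 keeps the same ordering. The rest of the `except` block lies outside the hunk, so whether these cases are logged elsewhere cannot be confirmed from here.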
From: prashantpandeygit
Date: Fri, 9 Jan 2026 20:42:41 +0530
Subject: [PATCH 3/3] refactor nested ifs
---
 src/quartz_api/internal/middleware/auth.py | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/src/quartz_api/internal/middleware/auth.py b/src/quartz_api/internal/middleware/auth.py
index fdfe7da..d05293c 100644
--- a/src/quartz_api/internal/middleware/auth.py
+++ b/src/quartz_api/internal/middleware/auth.py
@@ -69,10 +69,13 @@ async def _proxy_dependency(
 try:
 claims = await validator_dependency(request)
 except HTTPException as e:
- if e.status_code == 400:
+ if (
+ e.status_code == 400 and
+ isinstance(e.detail, dict) and
+ e.detail.get("error") == "invalid_request"
+ ):
 # override to 403 if its an Auth0 invalid_request error
- if isinstance(e.detail, dict) and e.detail.get("error") == "invalid_request":
- raise HTTPException(status_code=403, detail=e.detail) from e
+ raise HTTPException(status_code=403, detail=e.detail) from e

 if e.status_code == 403:
 log.info(f"Unauthorized access attempt: {e.detail}")
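Review bot: The comment `# override to 403 if its an Auth0 invalid_request error` now sits inside the body, below the three-part condition it describes, and it states what happens but not why a malformed-request error is reported as forbidden. Moving it above the `if (` and giving the reason would help the next reader, for example `# Auth0 validator signals invalid_request with a 400; report it as 403 like other rejected credentials` (wording to be confirmed by the author, since the motivation is only implied by the commit subjects). The `and` operators at the line ends could also lead the continuation lines, which is the form PEP 8 prefers for new code. `_proxy_dependency` continues outside the hunk.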