Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Return 401 for JWT with invalid role #3601

Open
wolfgangwalther opened this issue Jun 17, 2024 · 0 comments
Open

Return 401 for JWT with invalid role #3601

wolfgangwalther opened this issue Jun 17, 2024 · 0 comments
Labels
bug http http compliance

Comments

@wolfgangwalther
Copy link
Member

A JWT with a role that doesn't exist on the server currently returns a 400 status code. Shouldn't this return a 401 as well, just like all the other JWT errors?

postgrest/test/io/test_io.py

Lines 84 to 88 in 465170c

headers = jwtauthheader({"role": "not_existing"}, SECRET)
response = postgrest.session.get("/", headers=headers)
# TODO: Should this return 401?
assert response.status_code == 400
assert response.json()["message"] == 'role "not_existing" does not exist'

@wolfgangwalther wolfgangwalther added bug http http compliance labels Jun 17, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug http http compliance
Milestone
No milestone
Development

No branches or pull requests
1 participant
@wolfgangwalther