
update: responding 401 when an authorization is claimed in the token but fails

Calum Mackervoy requested to merge 77-token-fail-401 into master

Closes #77 (closed)

@jbpasquier this was a track which we hoped might fix your strange Solid-OIDC issue (where ports < 10000 were failing locally). It's also more spec-compliant.

Could you also check that the change doesn't break the front-end please?

The unit tests confirm that it will now return 401 if I send it an Authorization ... token for an identity and I am not authenticated with that identity. If I send it a valid identity and don't have permission, I get a 403. If I don't claim an identity using Authorization ..., then I will be authenticated as an AnonymousUser.

Note that the MR adds a Django REST Framework dependency. It could be achieved without DRF easily using a custom Exception class, but DRF is already a dependency of DjangoLDP, which is a dependency of this package.

Edited by Calum Mackervoy
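The three outcomes described in this merge request, as an added standalone sketch (not code from the merge request or from DjangoLDP). The `Bearer` scheme, the HMAC demo token, the `READERS` table and all function names are assumptions made for illustration.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"        # constructed value, for this example only
READERS = {"/private/": {"alice"}}      # constructed ACL: path -> identities allowed
ANONYMOUS = "AnonymousUser"


class AuthenticationFailed(Exception):
    """An identity was claimed but could not be verified (maps to 401)."""


def issue_token(identity):
    """Build a demo token 'identity.hexmac' (stand-in for a real signed token)."""
    mac = hmac.new(SECRET, identity.encode(), hashlib.sha256).hexdigest()
    return f"{identity}.{mac}"


def authenticate(headers):
    """Return the verified identity, ANONYMOUS if none is claimed, or raise."""
    value = headers.get("Authorization")
    if value is None:
        return ANONYMOUS                # no claim: anonymous, not an error
    scheme, _, token = value.partition(" ")
    identity, _, mac = token.rpartition(".")
    if scheme.lower() != "bearer" or not identity:
        raise AuthenticationFailed("malformed Authorization header")
    expected = issue_token(identity).rpartition(".")[2]
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        raise AuthenticationFailed("token does not prove the claimed identity")
    return identity


def handle(path, headers):
    """Return (status, user, response_headers) for a read of `path`."""
    try:
        user = authenticate(headers)
    except AuthenticationFailed:
        # Fail closed: a failed claim never falls back to the anonymous user.
        return 401, None, {"WWW-Authenticate": "Bearer"}
    # Assumption: a denied anonymous user is treated as a plain permission failure.
    if path == "/public/" or user in READERS.get(path, set()):
        return 200, user, {}
    return 403, user, {}
```

A forged token is rejected with 401 even on `/public/`, which is the behaviour change the title describes: once an identity is claimed and fails, the request is not quietly served as anonymous.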
