update: responding 401 when an authorization is claimed in the token but fails
Closes #77 (closed)
@jbpasquier this was a track which we hoped might fix your strange Solid-OIDC issue (where ports < 10000 were failing locally). It's also more spec-compliant
Could you also check that the change doesn't break the front-end please?
The unit tests confirm that it will now return 401 if I send it an Authorization ... token for an identity and I am not authenticated with that identity - if I send it a valid identity and don't have permission I get a 403, if I don't claim an identity using Authorization ... then I will be authenticated as an AnonymousUser
Note that the MR adds a Django REST Framework dependency. It could be achieved without DRF easily using a custom Exception class, but DRF is already a dependency of DjangoLDP which is a dependency of this package
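The three outcomes described above, as an added standard-library sketch that is not code from this MR or from DjangoLDP. The HMAC-signed bearer token is a constructed stand-in for the real Solid-OIDC token validation, and `sign`, `identity_from_token` and `handle` are hypothetical names.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"  # constructed; stands in for real token verification
ANONYMOUS = "AnonymousUser"


def sign(identity):
    """Issue a demo token '<identity>.<hex mac>' (constructed format, an assumption)."""
    mac = hmac.new(SECRET, identity.encode(), hashlib.sha256).hexdigest()
    return f"{identity}.{mac}"


def identity_from_token(token):
    """Return the identity the token proves, or None if verification fails."""
    identity, sep, mac = token.rpartition(".")
    if not sep or not identity:
        return None
    expected = hmac.new(SECRET, identity.encode(), hashlib.sha256).hexdigest()
    # Compare as bytes in constant time; bytes also tolerate non-ASCII input.
    ok = hmac.compare_digest(mac.encode(), expected.encode())
    return identity if ok else None


def handle(headers, allowed):
    """Return (status, user, response_headers) for one request.

    headers: request headers; allowed: identities permitted on the resource.
    """
    auth = headers.get("Authorization")
    if auth is None:
        # No identity claimed: the caller proceeds as the anonymous user.
        user = ANONYMOUS
    else:
        scheme, _, token = auth.partition(" ")
        identity = None
        if scheme.lower() == "bearer":
            identity = identity_from_token(token.strip())
        if identity is None:
            # An identity was claimed but could not be verified: 401, not 403.
            return 401, None, {"WWW-Authenticate": "Bearer"}
        user = identity
    if user not in allowed:
        # Identity is known but lacks permission. Returning 403 for an
        # anonymous caller as well is an assumption; the MR does not say.
        return 403, user, {}
    return 200, user, {}
```

A missing header and a failed header take different branches on purpose: silently downgrading a failed token to the anonymous user would hide the authentication failure from the client.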