Closed jsamtsang closed 8 months ago
401 Unauthorized 403 Forbidden They are two different things
Definitely, but it hasn't been changed. In case of wrong authority/permission it returns 403 by default - https://github.com/DDtKey/protect-endpoints/blob/df3f0e07604eaef4b3cee00affefd0d4129f5a39/proc-macro/src/expand/poem.rs#L69-L74
And you can override it with the `error` attribute in the macro.
I think it was rejected at the level of the extractor, `GrantsMiddleware::with_extractor(..)` (before checking the permission).
It returns the error you're returning from the extraction function you've passed to the middleware.
It technically means the authentication part hasn't passed successfully and you returned an error which poem responded with. But it depends only on your implementation of the extractor.
Also check your error catchers, they may change the error.
Please, let me know if I can help somehow.
As far as I can see, this is not a relevant issue (based on the description provided above). The behavior hasn't been changed, so I'm going to close the issue in case of inactivity.
Thanks!
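The two stages described in the reply above, as an added example that is not part of the original thread and is not poem-grants code: a std-only Rust model in which an error from the extraction step is returned as-is (401) before any permission check runs, and only an identified caller lacking a permission gets 403. The token store, the function names and `extract_misconfigured` (which forgets to strip the `Bearer ` prefix) are hypothetical.

```rust
use std::collections::{HashMap, HashSet};

type Perms = HashSet<&'static str>;
// Hypothetical stand-in for the function handed to the middleware's extractor hook.
type Extractor = fn(Option<&str>) -> Result<Perms, u16>;

// Constructed sample data: bearer token -> permissions of that identity.
fn token_store() -> HashMap<&'static str, Perms> {
    HashMap::from([
        ("token-admin", HashSet::from(["ORDERS_READ", "ORDERS_DELETE"])),
        ("token-viewer", HashSet::from(["ORDERS_READ"])),
    ])
}

// Stage 1, authentication: an Err here is what the client receives,
// and the permission check below is never reached.
fn extract(authorization: Option<&str>) -> Result<Perms, u16> {
    let token = authorization
        .and_then(|h| h.strip_prefix("Bearer "))
        .ok_or(401u16)?;
    token_store().get(token).cloned().ok_or(401)
}

// Same stage with a bug: the raw header value is used as the lookup key,
// so even a valid token is never found and every request ends in 401.
fn extract_misconfigured(authorization: Option<&str>) -> Result<Perms, u16> {
    let raw = authorization.ok_or(401u16)?;
    token_store().get(raw).cloned().ok_or(401)
}

// Stage 2, authorization: the caller is known, a missing permission is 403.
fn check(granted: &Perms, required: &str) -> Result<(), u16> {
    if granted.contains(required) { Ok(()) } else { Err(403) }
}

// Runs both stages and returns the HTTP status the client would see.
fn handle(extractor: Extractor, authorization: Option<&str>, required: &str) -> u16 {
    match extractor(authorization).and_then(|g| check(&g, required)) {
        Ok(()) => 200,
        Err(status) => status,
    }
}

fn main() {
    let viewer = Some("Bearer token-viewer");
    println!("no token:               {}", handle(extract, None, "ORDERS_DELETE"));
    println!("viewer, good extractor: {}", handle(extract, viewer, "ORDERS_DELETE"));
    println!("viewer, bad extractor:  {}", handle(extract_misconfigured, viewer, "ORDERS_DELETE"));
}
```

With the misconfigured extractor, a logged-in caller who only lacks a permission sees 401 instead of 403, which is the symptom reported in this issue.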
Sorry, I forgot to reply to you.
You are right!
It's because my extractor is not set up properly.
poem-grants v2.0.0
I remember that in the ^1 version, there was no permission. The error message returned by interception was Forbidden 403. Why is the current request Unauthorized? This is completely inconsistent with the operational logic. Because Unauthorized means that the server cannot obtain the identity of the request, but my current request is that I have logged in and got the Token issued by the server, but I just don't have permission to access a certain resource, so I think Forbidden 403 is right.
401 Unauthorized 403 Forbidden They are two different things