webbnh
commented
1 year ago I suspect a new unit test case would be appropriate?
That's a good point.
However, according to the coverage report, the only case which is missing is an exception arising from looking up the API key in the database...which is a very unlikely case...not one which is hard to test, but one which should never arise, and, moreover, the value of testing it is very low.
Given the low bang, despite the small buck, I think I'll concentrate on other things.
This PR follows up on https://github.com/distributed-system-analysis/pbench/pull/3399#discussion_r1176916933, making token validation slightly more robust: we will now check if the bearer token is a valid API key after any failure to validate it as an OIDC access token.