`on_failure` callback is not called if "Authorization" header is missing

indigo-dc / flaat

FLAsk with Access Tokens - FLAAT

MIT License

11 stars 6 forks source link

`on_failure` callback is not called if "Authorization" header is missing #76

Closed marcvs closed 7 months ago

marcvs commented 7 months ago

Expected behaviour would be that an authorization failure happens also, if there is no "Authorization" header at all, not just if it contains an invalid AccessToken.

marcvs commented 7 months ago

Remove the credentials: HTTPBasicCredentials = Depends(security) stance, or fastapi will take control before flaat can