jhthorsen / mojolicious-plugin-openapi

OpenAPI / Swagger plugin for Mojolicious

[Mojolicious::Plugin::OpenAPI::Security] should use http status code 403 #247

Closed abraxxa closed 2 months ago

abraxxa commented 11 months ago

Mojolicious::Plugin::OpenAPI::Security should use http status code 403, not 401, when the user is authenticated but the authorization check fails. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/403 for a good definition of the status codes.

I'd need it to let the frontend know the difference between unauthenticated (-> redirect to login page) and displaying an unauthorized error message but staying on the current page.

Thanks!

abraxxa commented 11 months ago

I found a workaround using $c->stash(status => 403); which isn't documented though.

jhthorsen commented 2 months ago

It's documented in Mojolicious::Controller.
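
The 401/403 split requested in this thread, sketched as a security handler. This is an added example, not code from the plugin or from the participants. The route, key table and spec are constructed, the handler assumes the `($c, $definition, $scopes, $cb)` callback form of the `security` option, and the 403 relies on the `$c->stash(status => 403)` workaround reported above.

```perl
use Mojolicious::Lite;

# Constructed sample data: API key => roles held by that caller.
my %KEYS = ('constructed-admin-key' => {admin => 1}, 'constructed-viewer-key' => {});

get '/reports' => sub {
  my $c = shift->openapi->valid_input or return;
  $c->render(openapi => {reports => []});
}, 'reports';

plugin OpenAPI => {
  url      => 'data://main/api.json',
  security => {
    api_key => sub {
      my ($c, $definition, $scopes, $cb) = @_;
      my $roles = $KEYS{$c->req->headers->header($definition->{name}) // ''};

      # Not authenticated (missing or unknown key): leave the default 401.
      return $c->$cb('Valid API key required') unless $roles;

      # Authenticated but not permitted: set 403 via the stash (workaround
      # from the thread) before reporting the error.
      unless ($roles->{admin}) {
        $c->stash(status => 403);
        return $c->$cb('Admin role required');
      }
      return $c->$cb();    # no error: the request continues to the action
    },
  },
};

app->start;

__DATA__
@@ api.json
{
  "swagger": "2.0",
  "info": {"version": "1.0", "title": "Constructed example"},
  "basePath": "/api",
  "securityDefinitions": {
    "api_key": {"type": "apiKey", "name": "X-Api-Key", "in": "header"}
  },
  "paths": {"/reports": {"get": {
    "x-mojo-name": "reports",
    "security": [{"api_key": []}],
    "responses": {"200": {"description": "OK", "schema": {"type": "object"}}}
  }}}
}
```

With this split a frontend can redirect to the login page on 401 and show an in-page error on 403.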