jhthorsen / mojolicious-plugin-openapi

OpenAPI / Swagger plugin for Mojolicious

[Mojolicious::Plugin::OpenAPI::Security] should use http status code 403 #247

Open abraxxa opened 6 months ago

abraxxa commented 6 months ago

Mojolicious::Plugin::OpenAPI::Security should use HTTP status code 403, not 401, when the user is authenticated but the authorization check fails. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/403 for a good definition of the status codes.

I'd need it to let the frontend know the difference between unauthenticated (-> redirect to login page) and displaying an unauthorized error message but staying on the current page.

Thanks!

abraxxa commented 6 months ago

I found a workaround using `$c->stash(status => 403);` which isn't documented though.
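
A sketch of how the workaround reported in the thread could sit inside a security handler, added here as an illustration and not taken from the issue or the plugin's own code. The token table, the `X-Api-Token` header, the `/reports` route and the inline spec are constructed, and the 403 path relies on the stash behaviour the comment above describes as undocumented.

```perl
use Mojolicious::Lite;

# Constructed sample credentials (assumption): token => user record.
my %USERS = (
  'tok-alice' => {name => 'alice', admin => 1},
  'tok-bob'   => {name => 'bob',   admin => 0},
);

# The route name "listReports" matches "x-mojo-name" in the spec below.
get '/reports' => sub {
  my $c = shift->openapi->valid_input or return;
  $c->render(openapi => {reports => []});
}, 'listReports';

plugin OpenAPI => {
  url      => 'data:///api.json',
  security => {
    apiToken => sub {
      my ($c, $definition, $scopes, $cb) = @_;
      my $user = $USERS{$c->req->headers->header('X-Api-Token') // ''};

      # Missing or unknown token: not authenticated, keep the plugin's 401.
      return $c->$cb('Authentication required') unless $user;

      # Known user with sufficient rights: calling back without an error grants access.
      return $c->$cb() if $user->{admin};

      # Known user, insufficient rights: apply the workaround from the thread.
      $c->stash(status => 403);
      return $c->$cb('Not authorized for this resource');
    },
  },
};

app->start;

__DATA__
@@ api.json
{
  "swagger": "2.0",
  "info": {"version": "1.0", "title": "Constructed example API"},
  "basePath": "/api",
  "securityDefinitions": {"apiToken": {"type": "apiKey", "name": "X-Api-Token", "in": "header"}},
  "paths": {"/reports": {"get": {
    "x-mojo-name": "listReports",
    "security": [{"apiToken": []}],
    "responses": {"200": {"description": "OK", "schema": {"type": "object"}},
                  "403": {"description": "Forbidden", "schema": {"type": "object"}}}
  }}}
}
```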