Better 403 error handling for `INSUFFICIENT_PERMISSIONS`

[chronark]

Preliminary Checks

• [X] I have reviewed https://unkey.com/docs for existing features that would solve my problem

• [X] I have searched for existing feature requests: https://github.com/unkeyed/unkey/issues

• [X] This issue is not a question, general help request, or anything other than a feature request directly related to Unkey. Please ask questions in our Discord community: https://unkey.com/discord.

Is your feature request related to a problem? Please describe.

When a key is missing permissions, we only return the error

{
  "code": "INSUFFICIENT_PERMISSIONS",
  "message": "unauthorized"
}

This makes it really hard to understand which permissions are missing and act accordingly.

Describe the solution

Return a list of unsufficient permissions to the client. I'm not sure yet if this needs to be machine readable or if this would be enough:

{
  "code": "INSUFFICIENT_PERMISSIONS",
  "message": "missing permissions: [ \"perm1\", \"perm2\" ]"
}

Describe alternatives you have considered (if any)

making it machine-readable would also benefit us directly as we can build better assertions in our tests

Additional context

No response

[linear[bot]]

ENG-1088 Better 403 error handling for `INSUFFICIENT_PERMISSIONS`

[DeepaPrasanna]

May I work on this issue?

[perkinsjr]

May I work on this issue?

Hey there I am using this for an experiment so currently this is assigned to me

[DeepaPrasanna]

May I work on this issue?

Hey there I am using this for an experiment so currently this is assigned to me

Got it. Thank u so much :)