...
web | File "/usr/local/lib/python3.11/site-packages/flask_pyoidc/flask_pyoidc.py", line 455, in wrapper
web | token_introspection_result = self.introspect_token(
web | ^^^^^^^^^^^^^^^^^^^^^^
web | File "/usr/local/lib/python3.11/site-packages/flask_pyoidc/flask_pyoidc.py", line 388, in introspect_token
web | received_access_token = self._parse_access_token(request)
web | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
web | File "/usr/local/lib/python3.11/site-packages/flask_pyoidc/flask_pyoidc.py", line 362, in _parse_access_token
web | _, access_token = request.headers['Authorization'].split(maxsplit=1)
I'll add exception handling there to let the user know that it's a bad access token format. I have an open PR which does few changes to these methods, I'll add this fix there.
I stumbled upon a crash to an endpoint protected by
token_auth
, with a curl request for which I forgot to provide a token.The faulty line is this one: https://github.com/zamzterz/Flask-pyoidc/blob/26b123572cba0b3fa84482c6c0270900042a73c9/src/flask_pyoidc/flask_pyoidc.py#L362
This is reproducible in a repr: