You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hey @gnuton, sorry for the late response. Was out of office until yesterday.
I think it should rather be 401, since the requester is unauthenticated due to invalid/missing api key. 403 means 'credentials valid, but not enough permissions for the resource'.
I do not know how to test this any more, as I have not been using this module for years. But feel free to open a Pull Request with the regarding changes and tests. I will then try to run the tests and verify the code.
Hi there,
I have just found out something which is not consistent with HTTP status errors usage.
The issue is quite simple. If the API key is missing the strategy should return a 403 instead of a 400, since the access to the resource is forbidden due to invalid (missing) authentication.
Same issue for the line 45
https://github.com/hydra-newmedia/passport-headerapikey/blob/develop/src/Strategy.ts#L38
The text was updated successfully, but these errors were encountered: