Api: Return a 403 for missing authorization when requesting a JWT token

TYPE: Bugfix
OneGov · Dec 10, 2024 · 7d33b93 · 7d33b93
1 parent 13d6a10
commit 7d33b93
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/src/onegov/api/views.py b/src/onegov/api/views.py
@@ -258,6 +258,9 @@ def get_time_restricted_token(
     self: AuthEndpoint, request: 'CoreRequest'
 ) -> dict[str, str]:
     try:
+        if request.authorization is None:
+            raise HTTPUnauthorized()
+
         return get_token(request)
     except Exception as exception:
         raise ApiException(exception=exception) from exception