djangorestframework-api-key icon indicating copy to clipboard operation
djangorestframework-api-key copied to clipboard

Published 20 hours ago verified publisher icon florimondmanca

Misleading message when API key is expired

Open ethanstrominger opened this issue 1 year ago • 3 comments

Describe the bug When api key is expired I get a 401 the response error message says "Authentication credentials were not provided". The tests in djangorestframework-api-key expect 403. Is there some configuration I can do?

To Reproduce Steps to reproduce the behavior:

  1. Add an API Key record and set expiration date to the future.
  2. Create an API which uses [HasApiKey]
  3. Call the API from client code with the key created in step 1. It will succeed.
  4. Modify the API key expiration date to be
  5. Call the API from client code again. As expected, it will fail, but with a status code of 403, error message is misleading: Authentication credentials were not provided. This is misleading, as the credentials were provided and does not match test results from djangorestframework-api-key.

ethanstrominger avatar Sep 12 '24 03:09 ethanstrominger