
401 on invalid token instead of 422?

Open SelfhostedPro opened this issue 4 years ago • 7 comments

Is there a way to return 401 when "Signature verification failed" instead of a 422 error? I get this when restarting my application if I was logged in previously (as I'm using a randomly generated secret key).

SelfhostedPro avatar Nov 10 '20 15:11 SelfhostedPro

Yeah, you're right, but it depends on perspective; it can be 401 or 422. For all JWT decode errors the status code 422 is raised for simplicity. In your opinion, should I change it to 401? Btw, this is the code for the JWT decode error exceptions:

(screenshot of the JWT decode error exception-handling code, taken 2020-11-11)

IndominusByte avatar Nov 10 '20 16:11 IndominusByte

In my opinion, I think it should be a 401, or there should be a way to set it as 401 for a specific endpoint. Could I do something like the following?

from fastapi import Depends, HTTPException
from fastapi_jwt_auth import AuthJWT
from fastapi_jwt_auth.exceptions import AuthJWTException

def login(Authorize: AuthJWT = Depends()):
  try:
    Authorize.jwt_required()
  except AuthJWTException as exc:  # base class of the library's JWT errors
    raise HTTPException(status_code=401, detail=exc.message)

SelfhostedPro avatar Nov 12 '20 14:11 SelfhostedPro

Yeah, you can. If you want to change the status code in a specific endpoint, it could be done like this:

from fastapi import Depends, FastAPI, HTTPException
from fastapi_jwt_auth import AuthJWT
from fastapi_jwt_auth.exceptions import JWTDecodeError

app = FastAPI()

@app.get('/user')
def user(Authorize: AuthJWT = Depends()):
    try:
        Authorize.jwt_required()
    except JWTDecodeError as err:
        # keep the library's default (422) unless the failure is a bad signature
        status_code = err.status_code
        if err.message == "Signature verification failed":
            status_code = 401
        raise HTTPException(status_code=status_code, detail=err.message)

    current_user = Authorize.get_jwt_subject()
    return {"user": current_user}

IndominusByte avatar Nov 12 '20 14:11 IndominusByte
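To make the 401-versus-422 distinction in the thread concrete, here is an added example (not the fastapi-jwt-auth project's code): a stdlib-only HS256 verifier that separates a malformed token (422) from a well-formed token whose signature or expiry check fails (401), which covers the restart-with-a-new-random-secret case from the original question. The status mapping and the function names are assumptions for this example, not the library's behaviour.

```python
# Added example, not from fastapi-jwt-auth. Assumed mapping: a token that is not
# a well-formed JWT -> 422; a well-formed token whose signature or expiry fails -> 401.
import base64
import hashlib
import hmac
import json
import time


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64url(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def sign_hs256(payload: dict, secret: bytes) -> str:
    """Mint an HS256 JWT (constructed here only to produce test input)."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(payload).encode())
    sig = hmac.new(secret, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url(sig)}"


def classify(token: str, secret: bytes, now=None) -> tuple:
    """Return (http_status, message); 200 means the token verified."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return 422, "Not enough segments"          # structurally not a JWT
    header, body, sig = parts
    try:
        hdr = json.loads(_unb64url(header))
        claims = json.loads(_unb64url(body))
        given = _unb64url(sig)
    except ValueError:                             # bad base64 or bad JSON
        return 422, "Invalid token"
    if not isinstance(hdr, dict) or not isinstance(claims, dict):
        return 422, "Invalid token"
    if hdr.get("alg") != "HS256":                  # never trust the header's alg
        return 422, "Unsupported algorithm"
    expected = hmac.new(secret, f"{header}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(given, expected):   # constant-time comparison
        return 401, "Signature verification failed"   # e.g. secret rotated on restart
    if "exp" in claims and now >= claims["exp"]:
        return 401, "Signature has expired"
    return 200, "ok"
```

A handler built on this mapping would send 401 for the two cases the thread cares about while keeping 422 for requests that do not carry a parseable JWT at all.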

Hi @IndominusByte: In https://github.com/IndominusByte/fastapi-jwt-auth/blob/a6c06193319da0e4976c7472966f3a2891e0d50c/fastapi_jwt_auth/auth_jwt.py#L638, would it be okay to modify the following:

        except Exception as err:
            raise JWTDecodeError(status_code=422,message=str(err))

to instead raise the base jwt error (e.g., SignatureExpiredError)?

agordhandas avatar Nov 14 '20 19:11 agordhandas

Hi @agordhandas, instead of creating a new exception, I'll change the status codes that don't fit the 422 status code based on the pyjwt exceptions. I'll do it later in the next version, thanks for your suggestion 🙏

IndominusByte avatar Nov 15 '20 04:11 IndominusByte

Any update on this?

danladis avatar Feb 08 '21 10:02 danladis

@IndominusByte Any update?

Btw I found a solution that works for me. I added an exception handler like this:

from fastapi import Request, responses
from fastapi_jwt_auth.exceptions import AuthJWTException

@app.exception_handler(AuthJWTException)
def authjwt_exception_handler(request: Request, exc: AuthJWTException):
    # every fastapi-jwt-auth error becomes a 401 carrying the library's message
    return responses.JSONResponse(
        status_code=401,
        content={"detail": exc.message}
    )

Elyasomer avatar Jul 26 '23 13:07 Elyasomer