Skip to content

fix(auth0-fastify-api): Use 401 instead of 400 when no access token provided #11

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
frederikprijck wants to merge 4 commits into
base: main
Choose a base branch
from
Draft

fix(auth0-fastify-api): Use 401 instead of 400 when no access token provided #11

frederikprijck wants to merge 4 commits into from

Conversation

@frederikprijck
Copy link
Member

@frederikprijck frederikprijck commented Apr 1, 2025
edited
Loading

We want to return as 401, instead of a 400 in the case where the request has no authorization header.
When there is a malformed authorization header, we still return a 400.

@frederikprijck frederikprijck marked this pull request as draft April 10, 2025 21:06
panva
panva reviewed Apr 14, 2025
View reviewed changes
packages/auth0-fastify-api/src/index.ts
ommitHeaderDetails = false
) => {
const headerValue = ommitHeaderDetails
? `Bearer`
Copy link
Member

@panva panva Apr 14, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We actually have to have an auth-param component here in order for the www-authenticate to be valid as per its definition.

This can the form of WWW-Authenticate: Bearer realm="${currentUrlOrSomeArbitraryIdentifier}"

@evilstreak
Copy link

evilstreak commented Sep 15, 2025

Is this still planned? I started using this plugin today, and was surprised to get a 400 back rather than a 401 when no auth headers were sent. Would be great to see this change in a release.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@panva panva panva left review comments

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@frederikprijck @evilstreak @panva