invalid verified claim (option) should throw 401 instead of 403 #2409

krunaljhaveri · 2017-04-18T19:37:30Z

When we enable JWT plugin and optional verified claims to check expiry of JWT token, Kong throws 403 error with message token expired. This should be 401 error.

Follow: https://getkong.org/plugins/jwt/

Optional verified claims.

On invalid claims the JWT plugin returned `403 forbidden` instead of the `401 unauthorized`. fixes #2409

saamalik · 2017-05-13T23:38:20Z

Looks like this got resolved!

Tieske changed the title ~~invalid verified claim (option) should through 401 instead of 403~~ invalid verified claim (option) should throw 401 instead of 403 Apr 21, 2017

Tieske mentioned this issue Apr 21, 2017

fix(jwt-auth) return 401 unauthorized instead of 403 #2433

Merged

Tieske added a commit that referenced this issue Apr 21, 2017

fix(jwt-auth) return 401 unauthorized instead of 403

04fd055

On invalid claims the JWT plugin returned `403 forbidden` instead of the `401 unauthorized`. fixes #2409

Tieske closed this as completed in #2433 Apr 21, 2017

Tieske added a commit that referenced this issue Apr 21, 2017

fix(jwt-auth) return 401 unauthorized instead of 403 (#2433)

35467cc

On invalid claims the JWT plugin returned `403 forbidden` instead of the `401 unauthorized`. fixes #2409

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

invalid verified claim (option) should throw 401 instead of 403 #2409

invalid verified claim (option) should throw 401 instead of 403 #2409

krunaljhaveri commented Apr 18, 2017

saamalik commented May 13, 2017

invalid verified claim (option) should throw 401 instead of 403 #2409

invalid verified claim (option) should throw 401 instead of 403 #2409

Comments

krunaljhaveri commented Apr 18, 2017

saamalik commented May 13, 2017