Skip to content

Changing OAUTH2/OIDC dependencies response status code when Authorization header missing #5310

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
felixilgatto wants to merge 3 commits into from
Closed

Changing OAUTH2/OIDC dependencies response status code when Authorization header missing #5310

felixilgatto wants to merge 3 commits into from

Conversation

@felixilgatto
Copy link

@felixilgatto felixilgatto commented Aug 27, 2022

Hello humans,

I recently have to use the OAuth and OpenID Connect dependencies and was not happy with the 403 status code while I was requesting my API without Header Authorization Header.
So I re-read the status code official documentation :

The HyperText Transfer Protocol (HTTP) 401 Unauthorized response status code indicates that the client request has not been completed because it lacks valid authentication credentials for the requested resource.
https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/401

The HTTP 403 Forbidden response status code indicates that the server understands the request but refuses to authorize it.
https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/403

My understanding of these definition, and correct me if I'm wrong, is that if the Authorization header with correct scheme but an invalid token is set will be resulting in a 403 response, otherwise if no Authorization header is set response status code will be 401.

Please let me know if I'm thinking right.

Thank you,

@codecov

This comment was marked as outdated.

Sign in to view
@github-actions
Copy link
Contributor

github-actions bot commented Aug 27, 2022

📝 Docs preview for commit 7b87288 at: https://6309d692a0b05a4ffa7bbdbb--fastapi.netlify.app

@Kludex Kludex mentioned this pull request Aug 31, 2023
Closed
@YuriiMotov YuriiMotov mentioned this pull request Jun 11, 2025
Merged
@github-actions
Copy link
Contributor

github-actions bot commented Sep 5, 2025

This pull request has a merge conflict that needs to be resolved.

@github-actions github-actions bot added the conflicts Automatically generated when a PR has a merge conflict label Sep 5, 2025
@svlandeg
Copy link
Member

svlandeg commented Oct 21, 2025

Thanks for the contribution @felixilgatto 🙏. I'm closing this one in favour of #13786, which is more extensive and should (hopefully) address this issue once and for all.

@svlandeg svlandeg closed this Oct 21, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

conflicts Automatically generated when a PR has a merge conflict refactor

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@felixilgatto @svlandeg @tiangolo