From 97c8e630595c419595a8f20968bf06c88a40c553 Mon Sep 17 00:00:00 2001
From: Philipp Hug
Date: Tue, 13 Dec 2016 14:30:12 +0100
Subject: [PATCH] Return 401 Unauthorized, when jwt is invalid
---
 jwt/proxy_handlers.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/jwt/proxy_handlers.go b/jwt/proxy_handlers.go
index 6955664..5357cfa 100644
--- a/jwt/proxy_handlers.go
+++ b/jwt/proxy_handlers.go
@@ -123,7 +123,7 @@ func NewJWTVerifierHandler(cfg config.VerifierConfig) (*StoppableProxyHandler, e
 handler := func(r *http.Request, ctx *goproxy.ProxyCtx) (*http.Request, *http.Response) {
 signedClaims, err := Verify(r, keyServer, nonceStorage, cfg.Audience.URL, cfg.MaxSkew, cfg.MaxTTL)
 if err != nil {
- return r, goproxy.NewResponse(r, goproxy.ContentTypeText, http.StatusForbidden, fmt.Sprintf("jwtproxy: unable to verify request: %s", err))
+ return r, goproxy.NewResponse(r, goproxy.ContentTypeText, http.StatusUnauthorized, fmt.Sprintf("jwtproxy: unable to verify request: %s", err))
 }
 // Run through the claims verifiers.
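Review bot: The new 401 on the changed `return` line is sent without a `WWW-Authenticate` header, which RFC 7235 requires on every 401 response; nothing visible in the hunk sets one, so clients and intermediaries receive a 401 with no challenge to act on. Build the response first and attach the challenge, e.g. `resp := goproxy.NewResponse(r, goproxy.ContentTypeText, http.StatusUnauthorized, "jwtproxy: unable to verify request")`, `resp.Header.Set("WWW-Authenticate", "Bearer")`, `return r, resp` (assuming the JWT is presented as a Bearer credential). The same line still formats `err` from `Verify` into the body returned to an unauthenticated caller; logging that detail server-side and returning a fixed message avoids telling the caller which verification check failed. `NewJWTVerifierHandler` starts and ends outside the hunk, so the status codes used by the claims-verifier paths that follow could not be checked.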