return unauthorized instead of forbidden on invalid token

equinor · Apr 9, 2024 · 9a599e2 · 9a599e2
1 parent 229c4a6
commit 9a599e2
Showing 1 changed file with 4 additions and 4 deletions.
diff --git a/auth.go b/auth.go
@@ -28,18 +28,18 @@ func AuthHandler(subjects []string, verifier Verifier) http.Handler {
 		auth := r.Header.Get("Authorization")
 		jwt, err := parseAuthHeader(auth)
 		if err != nil {
-			w.WriteHeader(http.StatusForbidden)
+			w.WriteHeader(http.StatusUnauthorized)
 			_, _ = w.Write([]byte("Forbidden"))
-			log.Info().Err(err).Dur("latency", time.Since(t)).Int("status", http.StatusForbidden).Msg("Forbidden")
+			log.Info().Err(err).Dur("latency", time.Since(t)).Int("status", http.StatusUnauthorized).Msg("Unauthorized")
 			return
 		}
 
 		token, err := verifier.Verify(r.Context(), jwt)
 
 		if err != nil {
-			w.WriteHeader(http.StatusForbidden)
+			w.WriteHeader(http.StatusUnauthorized)
 			_, _ = w.Write([]byte("Forbidden"))
-			log.Info().Err(err).Dur("latency", time.Since(t)).Int("status", http.StatusForbidden).Msg("Forbidden")
+			log.Info().Err(err).Dur("latency", time.Since(t)).Int("status", http.StatusUnauthorized).Msg("Unauthorized")
 			return
 		}