stoplightio / prism

Turn any OpenAPI2/3 and Postman Collection file into an API server with mocking, transformations and validations.

Home Page: https://stoplight.io/open-source/prism


Prism proxy returns 401 when the actual response from the server is 403

asos-ankuranurag opened this issue · comments

Context

I am using prism proxy for contract testing and I have an OpenAPI spec with the following security scheme definition (snippet).

openapi: 3.0.1
paths:
  /finance/<path>/v1/resource/{id}/name:
    get:
      security:
        - bearerAuth: []
components:
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer
      description: "Authentication and Authorization is achieved using access tokens"
      bearerFormat: JWT

Current Behavior

When we send an unauthorised token we get 403 from our server (which is correct). However, prism seems to convert the status code to 401 with the error: Violation: request Invalid security scheme used.

Note: the token is valid; it is just not authorised to access a resource that does not belong to the user.

Expected Behavior

Should it not just return the 403 error instead, i.e. the actual status code from the server? The token was valid, and the specification file has a definition for the 403 response code.

Possible Workaround/Solution

Steps to Reproduce

Environment

  • Version used: 5.8.1
  • Environment name and version (e.g. Chrome 39, node.js 5.4):
  • Operating System and version (desktop or mobile): Windows 11
  • Link to your environment/workspace/project:

@asos-ankuranurag please provide an example oas document that includes the responses, along with the prism proxy command you used.

Hi Brenda Rearden,

Thanks for replying. Please find attached the OpenAPI specification file.

The command used was:
prism proxy -v debug
specs.zip

This ticket has been labeled jira. A tracking ticket in Stoplight's Jira (STOP-535) has been created.