Prism proxy returns 401 when the actual response from the server is 403
asos-ankuranurag opened this issue · comments
Context
I am using prism proxy for contract testing and I have got an OpenAPI spec with the following definition of the security scheme (snippet).
openapi: 3.0.1
paths:
  /finance/<path>/v1/resource/{id}/name:
    get:
      security:
        - bearerAuth: []
components:
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer
      description: "Authentication and Authorization is achieved using access tokens"
      bearerFormat: JWT
Current Behavior
When we send an unauthorised token we get 403 from our server (which is correct). However, prism seems to convert the status code to 401 with the error Violation: request Invalid security scheme used
Note: The token is valid; it is just not authorised to access the resource not belonging to the user.
Expected Behavior
Should it not just return the 403 error instead? The actual status code from the server. The token was valid. The specification file has got a definition for the 403 response code.
Possible Workaround/Solution
Steps to Reproduce
Environment
- Version used: 5.8.1
- Environment name and version (e.g. Chrome 39, node.js 5.4):
- Operating System and version (desktop or mobile): Windows 11
- Link to your environment/workspace/project:
@asos-ankuranurag please provide an example oas document that includes the responses, along with the prism proxy command you used.
Hi Brenda Rearden,
Thanks for replying. Please find attached the OpenAPI specification file.
The command used was:
prism proxy -v debug
specs.zip
This ticket has been labeled jira. A tracking ticket in Stoplight's Jira (STOP-535) has been created.