OpenIDC/mod_auth_openidc

Unauthorized action returns 404 error code instead of 401

tamaldatta91 opened this issue · 1 comments

Discussed in #1165

Originally posted by tamaldatta91 January 22, 2024
I am trying to authorize a request on git server on Location "/" (where my git app server is running) by keycloak. While sending a wrong token, its giving status code 404.
I tried to use OIDCUnAuthAction 401, but it's not working.
My Location directive:
<Location "/">
AuthType oauth20
Require claim "realm_access.roles:TestRole"
LogLevel debug

For example, if I run a git clone operation with expired token and repo is not available at the moment, the response gives me like below.
error code: HTTP/1.1 404 Not Found
Though I received a header like this
WWW-Authenticate: Bearer error="invalid_token", error_description="JWT token could not be validated"