Bugfix: skipping default logic should only happen when authenticate f…

…ails (#505) * only skip default logic on authenticateFailure * move error to body * cleanup --------- Co-authored-by: Hammerbeck <andreas.hammerbeck@digdir.no>
Altinn · Aug 1, 2024 · 5f05912 · 5f05912
1 parent cf4fa79
commit 5f05912
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 3 deletions.
diff --git a/src/Altinn.Broker.API/Helpers/JWTBearerEventsHelper.cs b/src/Altinn.Broker.API/Helpers/JWTBearerEventsHelper.cs
@@ -8,8 +8,8 @@ public static Task OnAuthenticationFailed(AuthenticationFailedContext context)
     {
         context.Response.StatusCode = StatusCodes.Status401Unauthorized;
         context.Response.ContentType = "application/json";
-        context.Response.Headers.Append("WWW-Authenticate", context.Options.Challenge + " error=\"invalid_token\", error_description=\"" + context.Exception.Message + "\"");
-        string err = "";
+        context.Response.Headers.Append("WWW-Authenticate", context.Options.Challenge + " error=\"invalid_token\"");
+        string err = context.Exception.Message;
         if (context.Exception is SecurityTokenInvalidIssuerException)
         {
             context.Response.StatusCode = StatusCodes.Status403Forbidden;

diff --git a/src/Altinn.Broker.API/Program.cs b/src/Altinn.Broker.API/Program.cs
@@ -130,7 +130,10 @@ static void ConfigureServices(IServiceCollection services, IConfiguration config
                 OnAuthenticationFailed = context => JWTBearerEventsHelper.OnAuthenticationFailed(context),
                 OnChallenge = c =>
                 {
-                    c.HandleResponse();
+                    if (c.AuthenticateFailure != null)
+                    {
+                        c.HandleResponse();
+                    }
                     return Task.CompletedTask;
                 }
             };