Handle when error_description isn't present in www-authenticate header

mozilla · Nov 14, 2022 · c1c4076 · c1c4076
1 parent 8074279
commit c1c4076
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 1 deletion.
diff --git a/HISTORY.rst b/HISTORY.rst
@@ -3,6 +3,10 @@
 History
 -------
 
+pending
+=======
+* Fix bug in ``contrib.drf.OIDCAuthentication`` where ``error_description`` is assumed to be present in ``www-authenticate`` header despite it being optional in the spec.
+
 2.0.0 (2021-07-27)
 ==================
 

diff --git a/mozilla_django_oidc/contrib/drf.py b/mozilla_django_oidc/contrib/drf.py
@@ -86,7 +86,7 @@ def authenticate(self, request):
             # we can get from the www-authentication header) in the response.
             if resp.status_code == 401 and "www-authenticate" in resp.headers:
                 data = parse_www_authenticate_header(resp.headers["www-authenticate"])
-                raise exceptions.AuthenticationFailed(data["error_description"])
+                raise exceptions.AuthenticationFailed(data.get("error_description", "no error description in www-authenticate"))
 
             # for all other http errors, just re-raise the exception.
             raise
-Original file line number
+Diff line change
@@ Expand Up / @@ -3,6 +3,10 @@ @@
     History
     -------
+    pending
+    =======
+    * Fix bug in ``contrib.drf.OIDCAuthentication`` where ``error_description`` is assumed to be present in ``www-authenticate`` header despite it being optional in the spec.
 .0.0 (2021-07-27)
     ==================
@@ Expand Down @@