Merge pull request #472 from akatsoulas/pr471-error-desc

Handle when error_description isn't present in www-authenticate header
mozilla · Nov 14, 2022 · ca7e8b8 · ca7e8b8
2 parents 8074279 + 9cde115
commit ca7e8b8
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 1 deletion.
diff --git a/HISTORY.rst b/HISTORY.rst
@@ -3,6 +3,10 @@
 History
 -------
 
+pending
+=======
+* Fix bug in ``contrib.drf.OIDCAuthentication`` where ``error_description`` is assumed to be present in ``www-authenticate`` header despite it being optional in the spec.
+
 2.0.0 (2021-07-27)
 ==================
 

diff --git a/mozilla_django_oidc/contrib/drf.py b/mozilla_django_oidc/contrib/drf.py
@@ -86,7 +86,11 @@ def authenticate(self, request):
             # we can get from the www-authentication header) in the response.
             if resp.status_code == 401 and "www-authenticate" in resp.headers:
                 data = parse_www_authenticate_header(resp.headers["www-authenticate"])
-                raise exceptions.AuthenticationFailed(data["error_description"])
+                raise exceptions.AuthenticationFailed(
+                    data.get(
+                        "error_description", "no error description in www-authenticate"
+                    )
+                )
 
             # for all other http errors, just re-raise the exception.
             raise
-Original file line number
+Diff line change
@@ Expand Up / @@ -3,6 +3,10 @@ @@
     History
     -------
+    pending
+    =======
+    * Fix bug in ``contrib.drf.OIDCAuthentication`` where ``error_description`` is assumed to be present in ``www-authenticate`` header despite it being optional in the spec.
 .0.0 (2021-07-27)
     ==================
@@ Expand Down @@