sungwy commented on code in PR #12376: URL: https://github.com/apache/iceberg/pull/12376#discussion_r2014648551
########## open-api/rest-catalog-open-api.yaml: ########## @@ -4458,7 +4458,9 @@ components: # The fields `message` and `type` as indicated here are not presently prescriptive. UnauthorizedResponse: description: - Unauthorized. Authentication is required and has failed or has not yet been provided. + Unauthorized. The REST Catalog SHOULD respond with the 401 UnauthorizedResponse when + the access token provided is expired, revoked, malformed, or invalid for other reasons.

Review Comment:

Hi @mrcnc thank you for the review! IMHO I think if the access token is malformed, I'd still consider 401 to be the appropriate response type vs 400 which I think would be more appropriate when the format of the Request itself is malformed. I took this verbiage directly from https://www.rfc-editor.org/rfc/rfc6750 under the `invalid_token` section:

```
invalid_token
      The access token provided is expired, revoked, malformed, or
      invalid for other reasons. The resource SHOULD respond with
      the HTTP 401 (Unauthorized) status code. The client MAY
      request a new access token and retry the protected resource
      request.
```
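Review bot: the replacement description for UnauthorizedResponse drops the "has not yet been provided" case that the removed line covered, so the spec no longer says what a request carrying no credentials at all receives. Consider keeping the original sentence and appending the new one, for example "Unauthorized. Authentication is required and has failed or has not yet been provided. The REST Catalog SHOULD respond with the 401 UnauthorizedResponse when the access token provided is expired, revoked, malformed, or invalid for other reasons."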
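The 401-versus-400 distinction drawn in the comment above, as an added example that is not code from the PR or from Apache Iceberg. The HMAC token format, `KEY`, the `catalog` realm and all function names are assumptions made for illustration; the 400 branch follows RFC 6750's `invalid_request` case (more than one method of sending the token).

```python
import base64, hashlib, hmac, json

KEY = b"constructed-demo-key"   # constructed value, not a real secret
REVOKED = {"jti-2"}             # constructed revocation list

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _sign(body):
    return _b64(hmac.new(KEY, body.encode(), hashlib.sha256).digest())

def mint(claims):
    """Issue a demo token: base64url(JSON claims) + "." + base64url(HMAC)."""
    body = _b64(json.dumps(claims).encode())
    return body + "." + _sign(body)

def token_error(token, now):
    """Return None for an acceptable token, else the reason it is invalid."""
    body, sep, sig = token.partition(".")
    if not sep or not body or not sig:
        return "malformed"
    if not hmac.compare_digest(sig.encode(), _sign(body).encode()):
        return "bad signature"
    claims = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    if claims["jti"] in REVOKED:
        return "revoked"
    if claims["exp"] <= now:
        return "expired"
    return None

def respond(headers, query, now):
    """Map a request to (status, WWW-Authenticate value or None)."""
    tokens = []
    auth = headers.get("Authorization", "")
    if auth.lower().startswith("bearer "):
        tokens.append(auth[7:].strip())
    if "access_token" in query:
        tokens.append(query["access_token"])
    if not tokens:       # no credentials at all: 401 challenge, no error code
        return 401, 'Bearer realm="catalog"'
    if len(tokens) > 1:  # the request itself is malformed: two token transports
        return 400, 'Bearer error="invalid_request"'
    reason = token_error(tokens[0], now)
    if reason:           # expired, revoked, malformed or otherwise invalid token
        return 401, f'Bearer error="invalid_token", error_description="{reason}"'
    return 200, None
```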