Raise exception when no allowed issuers have been configured

Instead of warning & allowing all issuers.
inuits · Nov 20, 2023 · f9f54bf · f9f54bf
1 parent 27e8d57
commit f9f54bf
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 4 deletions.
diff --git a/pyproject.toml b/pyproject.toml
@@ -6,7 +6,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "inuits_policy_based_auth"
-version = "9.4.2"
+version = "9.5.0"
 description = "Module for securing API endpoints based on policies."
 readme = "README.md"
 authors = [{ name = "Inuits", email = "[email protected]" }]

diff --git a/...cy_based_auth/authentication/policies/token_based_policies/authlib_flask_oauth2_policy.py b/...cy_based_auth/authentication/policies/token_based_policies/authlib_flask_oauth2_policy.py
@@ -222,9 +222,7 @@ def authenticate_token(self, token_string):
         try:
             issuer = self.__get_issuer_from_token_string(token_string)
             if not self.allowed_issuers:
-                self.logger.warning(
-                    "No allowed issuers configured, allowing all issuers!"
-                )
+                raise Exception(f"No allowed issuers configured")
             elif issuer not in self.allowed_issuers:
                 raise Exception(f"Issuer {issuer} not allowed")
             jwks = self.__get_jwks(issuer)