Invalid JWT token on /token/validate results in 200 status instead of 401

The `/token/validate` endpoint returns an HTTP response body indicating a "401 Unauthorized" error when called with an invalid JWT token, but the HTTP status code is always set to 200.

**Steps to Reproduce:**

1. Call `/token/validate` with an invalid or malformed JWT token.
2. Notice that the response body contains `"401 Unauthorized"`.
3. Observe that the HTTP status code is 200 instead of the expected 401.

**Expected Behavior:**  
- When an invalid JWT token is provided, the API should return a **401 HTTP status code**.
- The response body should clearly indicate the unauthorized access error.

**Actual Behavior:**  
- The function in [token.go#L79](https://github.com/stefanprodan/podinfo/blob/master/pkg/api/http/token.go#L79) produces a response body with "401 Unauthorized".
- However, due to the logic in [http.go#L86](https://github.com/stefanprodan/podinfo/blob/master/pkg/api/http/http.go#L86), the response is sent with a 200 HTTP status code.

**Impact:**  
This mismatch can mislead clients, causing them to interpret error responses as successful ones, which may lead to improper error handling. In our case, we attempted to use podinfo as a forwardAuth stub in Traefik Middleware (for testing).



Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Invalid JWT token on /token/validate results in 200 status instead of 401 #392

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Uh oh!

Invalid JWT token on /token/validate results in 200 status instead of 401 #392

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions