Merge 11a6a4cea7 into 8032e21418

3 days ago · ea412922fd
3 changed files with 8 additions and 4 deletions
--- a/fastapi/security/open_id_connect_url.py
+++ b/fastapi/security/open_id_connect_url.py
@ -4,7 +4,7 @@ from fastapi.openapi.models import OpenIdConnect as OpenIdConnectModel
 from fastapi.security.base import SecurityBase
 from starlette.exceptions import HTTPException
 from starlette.requests import Request
-from starlette.status import HTTP_403_FORBIDDEN
+from starlette.status import HTTP_401_UNAUTHORIZED
 from typing_extensions import Annotated, Doc
@ -77,7 +77,9 @@ class OpenIdConnect(SecurityBase):
        if not authorization:
            if self.auto_error:
                raise HTTPException(
-                    status_code=HTTP_403_FORBIDDEN, detail="Not authenticated"
+                    status_code=HTTP_401_UNAUTHORIZED,
                    detail="Not authenticated",
                    headers={"WWW-Authenticate": "Bearer"},
                )
            else:
                return None
--- a/tests/test_security_openid_connect.py
+++ b/tests/test_security_openid_connect.py
@ -39,7 +39,8 @@ def test_security_oauth2_password_other_header():
 def test_security_oauth2_password_bearer_no_header():
    response = client.get("/users/me")
-    assert response.status_code == 403, response.text
+    assert response.status_code == 401, response.text
    assert response.headers["WWW-Authenticate"] == "Bearer"
    assert response.json() == {"detail": "Not authenticated"}
--- a/tests/test_security_openid_connect_description.py
+++ b/tests/test_security_openid_connect_description.py
@ -41,7 +41,8 @@ def test_security_oauth2_password_other_header():
 def test_security_oauth2_password_bearer_no_header():
    response = client.get("/users/me")
-    assert response.status_code == 403, response.text
+    assert response.status_code == 401, response.text
    assert response.headers["WWW-Authenticate"] == "Bearer"
    assert response.json() == {"detail": "Not authenticated"}