I have a Flask (2.2.3) app with Flask-RESTX (1.1.0) used as an API (without frontend). I’m using the flask-azure-oauth library to authenticate users using Azure AD. The setup is:

```python
from flask import Flask, current_app
from flask_azure_oauth import FlaskAzureOauth
from flask_cors import CORS
from flask_restx import Api, Resource

app = Flask(__name__)
api = Api(app, <...>)
CORS(app)
auth = FlaskAzureOauth()
auth.init_app(app)

# App routes
@api.route("/foo")
class FooCollection(Resource):
    @auth('my_role')
    def get(self):
        return [<...>]
```
This was working fine, but a few days ago I started receiving Unauthorized responses when passing a valid token. Unfortunately I am not able to track down the reason – tokens seem fine (examined manually or decoded using jwt.ms) and the only response I have from the API is `401 UNAUTHORIZED` with response body `{ "message": null }`.
I tried to add error logging and error handlers:
```python
from flask import request
from werkzeug.exceptions import Unauthorized

# Logging request/response
@app.before_request
def log_request_info():
    app.logger.debug(f"{request.method} {request.path} {request.data}")

@app.after_request
def log_response_info(response):
    app.logger.debug(f"{response.status}")
    return response

# Error handling
@app.errorhandler(Unauthorized)
def handle_error(error):
    current_app.logger.debug(f"Oops")
    <...>

@app.errorhandler
def handle_error(error):
    current_app.logger.debug(f"Noooo...!")
    <...>
```
With this, request and response are logged and non-HTTP exceptions are handled by `handle_error`. But HTTP errors like 404, 401, … are just passing by, ignored by both the generic error handler and the specific one (`@app.errorhandler(Unauthorized)`).
So how do I properly intercept and examine them? (with focus on: how do I find out why it denied token authorization)
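
For the "why was the token denied" part, one way to triage a token offline is sketched below. It is an added example, not code from the original post or from flask-azure-oauth. The function name, the expected audience and issuer, and the sample token are constructed placeholders, and the checks are the claim checks JWT validators commonly apply, assumed here rather than taken from the library.

```python
import base64
import json
import time


def _segment(obj):
    """Encode a dict as an unpadded base64url JWT segment (sample data only)."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()


def _decode(segment):
    """Decode an unpadded base64url JWT segment into a Python object."""
    return json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))


def diagnose_token(token, expected_aud, expected_iss, required_role, now=None):
    """List claim-level rejection reasons. Triage only: the signature is NOT verified."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return ["token is not a three-part compact JWT"]
    try:
        header, claims = _decode(parts[0]), _decode(parts[1])
    except ValueError as exc:  # bad base64, bad UTF-8 or bad JSON
        return [f"header or payload cannot be decoded: {exc}"]
    problems = []
    if "kid" not in header:
        problems.append("header has no kid, so no signing key can be selected")
    aud = claims.get("aud")
    if expected_aud not in (aud if isinstance(aud, list) else [aud]):
        problems.append(f"aud is {aud!r}, expected {expected_aud!r}")
    if claims.get("iss") != expected_iss:  # ver is reported to help compare issuer formats
        problems.append(f"iss is {claims.get('iss')!r} (ver={claims.get('ver')!r})")
    if claims.get("exp", 0) <= now:
        problems.append(f"expired or missing exp: {claims.get('exp')!r}")
    if claims.get("nbf", 0) > now:
        problems.append(f"not valid yet: nbf={claims.get('nbf')!r}")
    if required_role not in claims.get("roles", []):
        problems.append(f"roles {claims.get('roles')!r} lacks {required_role!r}")
    return problems


# Constructed sample: placeholder tenant/client ids and a fake signature.
SAMPLE_ISS = "https://login.microsoftonline.com/TENANT_ID_PLACEHOLDER/v2.0"
SAMPLE_CLAIMS = {"aud": "CLIENT_ID_PLACEHOLDER", "iss": SAMPLE_ISS, "ver": "2.0",
                 "nbf": 1_700_000_000, "exp": 1_700_003_600, "roles": ["other_role"]}
SAMPLE_TOKEN = ".".join([_segment({"alg": "RS256", "kid": "sample-kid"}),
                         _segment(SAMPLE_CLAIMS), "c2lnbmF0dXJl"])
```

Calling `diagnose_token(SAMPLE_TOKEN, "CLIENT_ID_PLACEHOLDER", SAMPLE_ISS, "my_role", now=1_700_000_100)` returns a single entry naming the missing role. Run it with the values the API is actually configured with and log the result at debug level; never log the raw token.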