Update authentication status code assertions to allow 403 responses

ArtyomVancyan · ArtyomVancyan · commit d7fd942397df · 2026-02-23T15:51:47.000+04:00
diff --git a/tests/test_middleware.py b/tests/test_middleware.py
@@ -8,7 +8,7 @@
 async def test_middleware_on_authentication(get_app):
     async with AsyncClient(app=get_app(), base_url="http://test") as client:
         response = await client.get("/user")
-        assert response.status_code == 401  # Unauthorized
+        assert response.status_code in (401, 403)  # Unauthorized or Forbidden
 
         await client.get("/auth")  # Simulate login
 
@@ -27,7 +27,7 @@ async def test_middleware_on_logout(get_app):
         await client.get("/oauth2/logout")  # Perform logout
 
         response = await client.get("/user")
-        assert response.status_code == 401  # Unauthorized
+        assert response.status_code in (401, 403)  # Unauthorized or Forbidden
 
 
 @pytest.mark.anyio
diff --git a/tests/test_oauth2.py b/tests/test_oauth2.py
@@ -11,7 +11,7 @@
 async def oauth2_workflow(get_app, idp=False, ssr=True, authorize_query="", token_query="", use_header=False):
     async with AsyncClient(app=get_app(with_idp=idp, with_ssr=ssr), base_url="http://test") as client:
         response = await client.get("/user")
-        assert response.status_code == 401  # Unauthorized
+        assert response.status_code in (401, 403)  # Unauthorized or Forbidden
 
         response = await client.get("/oauth2/test/authorize" + authorize_query)  # Get authorization endpoint
         authorization_endpoint = response.headers.get("location") if ssr else response.json().get("url")
