shreemaan-abhishek opened a new pull request, #13693:
URL: https://github.com/apache/apisix/pull/13693

   ### Description
   
   Under the `multi-auth` plugin, `key-auth` returned the generic `Invalid API 
key in request` instead of the real failure reason, so the orchestrator could 
not surface *why* key-auth rejected the request. Its sibling auth plugins 
(`basic-auth`, `hmac-auth`, `jwt-auth`) already propagate the real reason via 
`auth_utils.is_running_under_multi_auth(ctx)`; key-auth was the one plugin 
skipped when this behavior was introduced (#11775 touched `utils/auth.lua` + 
basic/hmac/jwt but not key-auth).
   
   This applies APISIX's own established pattern to key-auth:
   
   - `find_consumer`: on the consumer-not-found path, return the real `failed 
to find consumer: <reason>` to the orchestrator when running under multi-auth 
(mirrors `basic-auth.lua`).
   - `rewrite`: on the anonymous-fallback failure, return the real error to the 
orchestrator when running under multi-auth (mirrors `hmac-auth.lua`).
   
   Standalone key-auth behavior is unchanged: clients still receive the generic 
message and the detailed reason is still logged.
   
   ### Tests
   
   - Updated `t/plugin/multi-auth2.t` TEST 3 to assert the detailed key-auth 
reason now reaches the multi-auth error log, plus a `no_error_log` guard that 
the old generic message is gone.
   - `t/plugin/multi-auth.t`, `t/plugin/multi-auth2.t`, `t/plugin/key-auth.t` 
all pass locally.
   - Added a note to `docs/en/latest/plugins/multi-auth.md`.
   
   ### Checklist
   
   - [x] I have explained the need for this PR and the problem it solves
   - [x] I have explained the changes or the new features added to this PR
   - [x] I have added tests corresponding to this change
   - [x] I have updated the documentation to reflect this change
   - [x] I have verified that this change is backward compatible


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to