Files
litellm/tests/test_litellm
ryan-crabbe-berriandGitHub 9d9558e78f fix(auth): preserve 401 status for expired JWTs in OTel traces (#29510)
* fix(auth): preserve 401 status for expired JWTs in OTel traces

Expired JWT access tokens raised a generic Exception with no status
code attached. Because the codeless exception was logged to OTel via
post_call_failure_hook before auth_exception_handler re-wrapped it as
ProxyException(401), the OTel span never set http.response.status_code
and trace viewers displayed it as a generic 500. Clients still got a
401 back, so traces and actual responses diverged.

Raise ProxyException(code=401, type=expired_key) directly at the source
in both JWT decode paths so the 401 is consistent across the client
response and the OTel http.response.status_code attribute, matching how
virtual-key expirations are handled.

* fix(auth): preserve 401 for expired JWTs on issuer-scoped path

The issuer-scoped JWT path (_auth_jwt_with_issuer) still raised a generic
Exception on expiry, surfacing as a 500 in client responses and OTel traces.
Raise ProxyException with expired_key/401 there too, matching auth_jwt, and
add a regression test exercising the issuer path end-to-end
2026-06-02 16:33:16 -07:00
..
2026-05-18 16:27:44 -07:00
2026-05-20 17:27:03 -07:00

Testing for litellm/

This directory 1:1 maps the the litellm/ directory, and can only contain mocked tests.

The point of this is to:

  1. Increase test coverage of litellm/
  2. Make it easy for contributors to add tests for the litellm/ package and easily run tests without needing LLM API keys.

File name conventions

  • litellm/proxy/test_caching_routes.py maps to litellm/proxy/caching_routes.py
  • test_<filename>.py maps to litellm/<filename>.py