mirror of
https://github.com/tiennm99/litellm.git
synced 2026-07-12 23:05:52 +00:00
9d9558e78f
* fix(auth): preserve 401 status for expired JWTs in OTel traces Expired JWT access tokens raised a generic Exception with no status code attached. Because the codeless exception was logged to OTel via post_call_failure_hook before auth_exception_handler re-wrapped it as ProxyException(401), the OTel span never set http.response.status_code and trace viewers displayed it as a generic 500. Clients still got a 401 back, so traces and actual responses diverged. Raise ProxyException(code=401, type=expired_key) directly at the source in both JWT decode paths so the 401 is consistent across the client response and the OTel http.response.status_code attribute, matching how virtual-key expirations are handled. * fix(auth): preserve 401 for expired JWTs on issuer-scoped path The issuer-scoped JWT path (_auth_jwt_with_issuer) still raised a generic Exception on expiry, surfacing as a 500 in client responses and OTel traces. Raise ProxyException with expired_key/401 there too, matching auth_jwt, and add a regression test exercising the issuer path end-to-end