From c5079ac15ed2435e846d46eb8c64d9824bb41078 Mon Sep 17 00:00:00 2001
From: blotus <sebastien@crowdsec.net>
Date: Fri, 25 Nov 2022 14:35:50 +0100
Subject: [PATCH] invalidate agent token on 403 as well (#1888)

---
 pkg/apiclient/auth.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/apiclient/auth.go b/pkg/apiclient/auth.go
index 87d725e80..6898ffe2a 100644
--- a/pkg/apiclient/auth.go
+++ b/pkg/apiclient/auth.go
@@ -194,7 +194,7 @@ func (t *JWTTransport) RoundTrip(req *http.Request) (*http.Response, error) {
 		dump, _ := httputil.DumpResponse(resp, true)
 		log.Tracef("resp-jwt: %s (err:%v)", string(dump), err)
 	}
-	if err != nil || resp.StatusCode == 401 {
+	if err != nil || resp.StatusCode == http.StatusForbidden || resp.StatusCode == http.StatusUnauthorized {
 		/*we had an error (network error for example, or 401 because token is refused), reset the token ?*/
 		t.token = ""
 		return resp, errors.Wrapf(err, "performing jwt auth")