Summary
policyengine-household-api fails open when auth is enabled but misconfigured.
Severity
High
Impact
A production deployment with incomplete Auth0 configuration silently becomes public instead of refusing to start.
Affected code
policyengine_household_api/decorators/auth.py:97-130config/production.yaml.example:19-24policyengine_household_api/api.py:35-70
Details
If auth.enabled is true but auth0.address/auth0.audience are missing, _setup_authentication() logs a warning and installs NoOpDecorator().
Expected behavior
When auth is requested but config is invalid, startup should fail closed.
Suggested remediation
- Raise a startup exception when auth is enabled but incomplete
- Keep
NoOpDecorator limited to explicit local/dev modes only
- Add tests asserting misconfigured production auth prevents app startup
Summary
policyengine-household-apifails open when auth is enabled but misconfigured.Severity
High
Impact
A production deployment with incomplete Auth0 configuration silently becomes public instead of refusing to start.
Affected code
policyengine_household_api/decorators/auth.py:97-130config/production.yaml.example:19-24policyengine_household_api/api.py:35-70Details
If
auth.enabledis true butauth0.address/auth0.audienceare missing,_setup_authentication()logs a warning and installsNoOpDecorator().Expected behavior
When auth is requested but config is invalid, startup should fail closed.
Suggested remediation
NoOpDecoratorlimited to explicit local/dev modes only