Added logging for the authentication errors.

Moved the "no api secret" error message to the end and only create it if there are no
api client secrets

app/authentication/auth.py

@@ -1,10 +1,11 @@
-from flask import request, jsonify, _request_ctx_stack
+from flask import request, jsonify, _request_ctx_stack, current_app
 from client.authentication import decode_jwt_token, get_token_issuer
 from client.errors import TokenDecodeError, TokenRequestError, TokenExpiredError, TokenPayloadError
 from app.dao.api_key_dao import get_unsigned_secrets
 
 
 def authentication_response(message, code):
+    current_app.logger.info(message)
     return jsonify(
         error=message
     ), code
@@ -27,8 +28,8 @@ def requires_auth():
         return authentication_response("Invalid token: signature", 403)
     if api_client is None:
         authentication_response("Invalid credentials", 403)
-    # If the api_client does not have any secrets return response saying that
-    errors_resp = authentication_response("Invalid token: api client has no secrets", 403)
+
+    errors_resp = None
     for secret in api_client['secret']:
         try:
             decode_jwt_token(
@@ -49,11 +50,14 @@ def requires_auth():
         except TokenDecodeError:
             errors_resp = authentication_response("Invalid token: signature", 403)
 
+    if errors_resp is None:
+        # If we got this far with out any errors then the api client has no secrets
+        errors_resp = authentication_response("Invalid token: api client has no secrets", 403)
+
     return errors_resp
 
 
 def fetch_client(client):
-    from flask import current_app
     if client == current_app.config.get('ADMIN_CLIENT_USER_NAME'):
         return {
             "client": client,