fix(proxy_server.py): check if team scope in jwt

2025-04-26 03:04:13 +00:00 · 2024-03-26 14:01:02 -07:00 · 2024-03-26 14:01:02 -07:00 · d90f44fe8e
commit d90f44fe8e
parent 4d7f4550e2
2 changed files with 11 additions and 0 deletions
--- a/litellm/proxy/proxy_server.py
+++ b/litellm/proxy/proxy_server.py
@ -390,6 +390,12 @@ async def user_api_key_auth(
                        raise Exception(
                            f"Admin not allowed to access this route. Route={route}, Allowed Routes={actual_routes}"
                        )
+                # check if team in scopes
+                is_team = jwt_handler.is_team(scopes=scopes)
+                if is_team == False:
+                    raise Exception(
+                        f"Missing both Admin and Team scopes from token. Either is required. Admin Scope={jwt_handler.litellm_proxy_roles.admin_jwt_scope}, Team Scope={jwt_handler.litellm_proxy_roles.team_jwt_scope}"
+                    )
                # get team id
                team_id = jwt_handler.get_team_id(token=valid_token, default_value=None)