From 736a51c13f585ff47a90b8e8ecdd454d1e3d864e Mon Sep 17 00:00:00 2001
From: Beto Dealmeida <roberto@dealmeida.net>
Date: Fri, 15 May 2026 13:53:02 -0400
Subject: [PATCH] fix: OAuth2 exception should be 403 (#40074)

---
 superset/exceptions.py                 | 4 ++--
 tests/unit_tests/databases/api_test.py | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/superset/exceptions.py b/superset/exceptions.py
index afceac9b5d6..15fe372abe6 100644
--- a/superset/exceptions.py
+++ b/superset/exceptions.py
@@ -353,10 +353,10 @@ class OAuth2RedirectError(SupersetErrorException):
 
     See the `OAuth2RedirectMessage.tsx` component for more details of how this
     information is handled.
-
-    TODO (betodealmeida): change status to 403.
     """
 
+    status = 403
+
     def __init__(self, url: str, tab_id: str, redirect_uri: str):
         super().__init__(
             SupersetError(
diff --git a/tests/unit_tests/databases/api_test.py b/tests/unit_tests/databases/api_test.py
index db15d1c1d13..a60ada494ce 100644
--- a/tests/unit_tests/databases/api_test.py
+++ b/tests/unit_tests/databases/api_test.py
@@ -2250,7 +2250,7 @@ def test_catalogs_with_oauth2(
     security_manager.get_catalogs_accessible_by_user.return_value = {"db2"}
 
     response = client.get("/api/v1/database/1/catalogs/")
-    assert response.status_code == 500
+    assert response.status_code == 403
     assert response.json == {
         "errors": [
             {
@@ -2351,7 +2351,7 @@ def test_schemas_with_oauth2(
     security_manager.get_schemas_accessible_by_user.return_value = {"schema2"}
 
     response = client.get("/api/v1/database/1/schemas/")
-    assert response.status_code == 500
+    assert response.status_code == 403
     assert response.json == {
         "errors": [
             {