thirdweb-dev · joaquim-verges · May 21, 2025 · May 21, 2025
diff --git a/.changeset/blue-mice-prove.md b/.changeset/blue-mice-prove.md
@@ -0,0 +1,5 @@
+---
+"@thirdweb-dev/service-utils": patch
+---
+
+Better error messages for 403 responses
@@ -31,8 +31,8 @@ describe("authorizeService", () => {
       // biome-ignore lint/suspicious/noExplicitAny: test only
     ) as any;
     expect(result.authorized).toBe(false);
-    expect(result.errorMessage).toBe(
-      "Invalid request: Unauthorized service: nebula. You can view the restrictions for this team in your dashboard: https://thirdweb.com",
+    expect(result.errorMessage).toContain(
+      "Invalid request: Unauthorized service: nebula",
     );
     expect(result.errorCode).toBe("SERVICE_UNAUTHORIZED");
     expect(result.status).toBe(403);
@@ -52,8 +52,8 @@ describe("authorizeService", () => {
       // biome-ignore lint/suspicious/noExplicitAny: test only
     ) as any;
     expect(result.authorized).toBe(false);
-    expect(result.errorMessage).toBe(
-      "Invalid request: Unauthorized action: storage unauthorized-action. You can view the restrictions on this API key in your dashboard:  https://thirdweb.com/create-api-key",
+    expect(result.errorMessage).toContain(
+      "Invalid request: Unauthorized action: storage unauthorized-action",
     );
     expect(result.errorCode).toBe("SERVICE_ACTION_UNAUTHORIZED");
     expect(result.status).toBe(403);

@@ -19,7 +19,7 @@ export function authorizeService(
   if (!team.enabledScopes.includes(serviceConfig.serviceScope)) {
     return {
       authorized: false,
-      errorMessage: `Invalid request: Unauthorized service: ${serviceConfig.serviceScope}. You can view the restrictions for this team in your dashboard: https://thirdweb.com`,
+      errorMessage: `Invalid request: Unauthorized service: ${serviceConfig.serviceScope} for team: ${team.name} (${team.id}). You can view the restrictions for this team in your dashboard: https://thirdweb.com`,
       errorCode: "SERVICE_UNAUTHORIZED",
       status: 403,
     };
@@ -42,7 +42,7 @@ export function authorizeService(
   if (!service) {
     return {
       authorized: false,
-      errorMessage: `Invalid request: Unauthorized service: ${serviceConfig.serviceScope}. You can view the restrictions on this project in your dashboard: https://thirdweb.com`,
+      errorMessage: `Invalid request: Unauthorized service: ${serviceConfig.serviceScope} for project: ${project.name} (${project.publishableKey}). You can view the restrictions on this project in your dashboard: https://thirdweb.com`,
       errorCode: "SERVICE_UNAUTHORIZED",
       status: 403,
     };
@@ -56,7 +56,7 @@ export function authorizeService(
     if (!isActionAllowed) {
       return {
         authorized: false,
-        errorMessage: `Invalid request: Unauthorized action: ${serviceConfig.serviceScope} ${serviceConfig.serviceAction}. You can view the restrictions on this API key in your dashboard:  https://thirdweb.com/create-api-key`,
+        errorMessage: `Invalid request: Unauthorized action: ${serviceConfig.serviceScope} ${serviceConfig.serviceAction} for project: ${project.name} (${project.publishableKey}). You can view the restrictions on this API key in your dashboard:  https://thirdweb.com/create-api-key`,
         errorCode: "SERVICE_ACTION_UNAUTHORIZED",
         status: 403,
       };