add rudimentary test logic for #6731

26 files changed, 170 insertions, 16 deletions

diff --git a/src/lib/merchant_api_delete_instance.c b/src/lib/merchant_api_delete_instance.c
index 87b88e0c..793b413c 100644
--- a/src/lib/merchant_api_delete_instance.c
+++ b/src/lib/merchant_api_delete_instance.c
@@ -91,9 +91,10 @@ handle_delete_instance_finished (void *cls,
   {
   case MHD_HTTP_NO_CONTENT:
     break;
-  case MHD_HTTP_NOT_FOUND:
+  case MHD_HTTP_UNAUTHORIZED:
     hr.ec = TALER_JSON_get_error_code (json);
     hr.hint = TALER_JSON_get_error_hint (json);
+    /* Nothing really to verify, merchant says we need to authenticate. */
     break;
   default:
     /* unexpected response code */
diff --git a/src/lib/merchant_api_delete_order.c b/src/lib/merchant_api_delete_order.c
index 4651fcf7..c3771ba8 100644
--- a/src/lib/merchant_api_delete_order.c
+++ b/src/lib/merchant_api_delete_order.c
@@ -88,6 +88,11 @@ handle_delete_order_finished (void *cls,
   {
   case MHD_HTTP_NO_CONTENT:
     break;
+  case MHD_HTTP_UNAUTHORIZED:
+    hr.ec = TALER_JSON_get_error_code (response);
+    hr.hint = TALER_JSON_get_error_hint (response);
+    /* Nothing really to verify, merchant says we need to authenticate. */
+    break;
   case MHD_HTTP_NOT_FOUND:
     break;
   case MHD_HTTP_CONFLICT:
diff --git a/src/lib/merchant_api_delete_product.c b/src/lib/merchant_api_delete_product.c
index 196ec09d..ba2aaaf4 100644
--- a/src/lib/merchant_api_delete_product.c
+++ b/src/lib/merchant_api_delete_product.c
@@ -91,6 +91,11 @@ handle_delete_product_finished (void *cls,
   {
   case MHD_HTTP_NO_CONTENT:
     break;
+  case MHD_HTTP_UNAUTHORIZED:
+    hr.ec = TALER_JSON_get_error_code (json);
+    hr.hint = TALER_JSON_get_error_hint (json);
+    /* Nothing really to verify, merchant says we need to authenticate. */
+    break;
   case MHD_HTTP_NOT_FOUND:
     hr.ec = TALER_JSON_get_error_code (json);
     hr.hint = TALER_JSON_get_error_hint (json);
diff --git a/src/lib/merchant_api_delete_reserve.c b/src/lib/merchant_api_delete_reserve.c
index 9a8d3991..4eedea61 100644
--- a/src/lib/merchant_api_delete_reserve.c
+++ b/src/lib/merchant_api_delete_reserve.c
@@ -92,6 +92,11 @@ handle_delete_reserve_finished (void *cls,
   {
   case MHD_HTTP_NO_CONTENT:
     break;
+  case MHD_HTTP_UNAUTHORIZED:
+    hr.ec = TALER_JSON_get_error_code (json);
+    hr.hint = TALER_JSON_get_error_hint (json);
+    /* Nothing really to verify, merchant says we need to authenticate. */
+    break;
   case MHD_HTTP_NOT_FOUND:
     hr.ec = TALER_JSON_get_error_code (json);
     hr.hint = TALER_JSON_get_error_hint (json);
diff --git a/src/lib/merchant_api_get_instance.c b/src/lib/merchant_api_get_instance.c
index 512d1b7c..42d77da9 100644
--- a/src/lib/merchant_api_get_instance.c
+++ b/src/lib/merchant_api_get_instance.c
@@ -195,6 +195,11 @@ handle_get_instance_finished (void *cls,
       GNUNET_JSON_parse_free (spec);
       break;
     }
+  case MHD_HTTP_UNAUTHORIZED:
+    hr.ec = TALER_JSON_get_error_code (json);
+    hr.hint = TALER_JSON_get_error_hint (json);
+    /* Nothing really to verify, merchant says we need to authenticate. */
+    break;
   case MHD_HTTP_NOT_FOUND:
     /* instance does not exist */
     hr.ec = TALER_JSON_get_error_code (json);
diff --git a/src/lib/merchant_api_get_orders.c b/src/lib/merchant_api_get_orders.c
index 420510bd..c7b04ab2 100644
--- a/src/lib/merchant_api_get_orders.c
+++ b/src/lib/merchant_api_get_orders.c
@@ -192,6 +192,11 @@ handle_get_orders_finished (void *cls,
       GNUNET_JSON_parse_free (spec);
       break;
     }
+  case MHD_HTTP_UNAUTHORIZED:
+    hr.ec = TALER_JSON_get_error_code (json);
+    hr.hint = TALER_JSON_get_error_hint (json);
+    /* Nothing really to verify, merchant says we need to authenticate. */
+    break;
   case MHD_HTTP_NOT_FOUND:
     hr.ec = TALER_JSON_get_error_code (json);
     hr.hint = TALER_JSON_get_error_hint (json);
diff --git a/src/lib/merchant_api_get_product.c b/src/lib/merchant_api_get_product.c
index c88e74f9..32e06123 100644
--- a/src/lib/merchant_api_get_product.c
+++ b/src/lib/merchant_api_get_product.c
@@ -173,6 +173,11 @@ handle_get_product_finished (void *cls,
       GNUNET_JSON_parse_free (spec);
       break;
     }
+  case MHD_HTTP_UNAUTHORIZED:
+    hr.ec = TALER_JSON_get_error_code (json);
+    hr.hint = TALER_JSON_get_error_hint (json);
+    /* Nothing really to verify, merchant says we need to authenticate. */
+    break;
   case MHD_HTTP_NOT_FOUND:
     hr.ec = TALER_JSON_get_error_code (json);
     hr.hint = TALER_JSON_get_error_hint (json);
diff --git a/src/lib/merchant_api_get_products.c b/src/lib/merchant_api_get_products.c
index d5d57252..26146ea4 100644
--- a/src/lib/merchant_api_get_products.c
+++ b/src/lib/merchant_api_get_products.c
@@ -180,6 +180,11 @@ handle_get_products_finished (void *cls,
       GNUNET_JSON_parse_free (spec);
       break;
     }
+  case MHD_HTTP_UNAUTHORIZED:
+    hr.ec = TALER_JSON_get_error_code (json);
+    hr.hint = TALER_JSON_get_error_hint (json);
+    /* Nothing really to verify, merchant says we need to authenticate. */
+    break;
   default:
     /* unexpected response code */
     hr.ec = TALER_JSON_get_error_code (json);
diff --git a/src/lib/merchant_api_get_reserve.c b/src/lib/merchant_api_get_reserve.c
index 429cccff..710bcbc4 100644
--- a/src/lib/merchant_api_get_reserve.c
+++ b/src/lib/merchant_api_get_reserve.c
@@ -198,6 +198,11 @@ handle_reserve_get_finished (void *cls,
         return;
       }
     }
+  case MHD_HTTP_UNAUTHORIZED:
+    hr.ec = TALER_JSON_get_error_code (json);
+    hr.hint = TALER_JSON_get_error_hint (json);
+    /* Nothing really to verify, merchant says we need to authenticate. */
+    break;
   case MHD_HTTP_INTERNAL_SERVER_ERROR:
     /* Server had an internal issue; we should retry, but this API
        leaves this to the application */
diff --git a/src/lib/merchant_api_get_reserves.c b/src/lib/merchant_api_get_reserves.c
index 52853065..32455a57 100644
--- a/src/lib/merchant_api_get_reserves.c
+++ b/src/lib/merchant_api_get_reserves.c
@@ -181,6 +181,11 @@ handle_reserves_get_finished (void *cls,
         return;
       }
     }
+  case MHD_HTTP_UNAUTHORIZED:
+    hr.ec = TALER_JSON_get_error_code (json);
+    hr.hint = TALER_JSON_get_error_hint (json);
+    /* Nothing really to verify, merchant says we need to authenticate. */
+    break;
   case MHD_HTTP_INTERNAL_SERVER_ERROR:
     /* Server had an internal issue; we should retry, but this API
        leaves this to the application */
diff --git a/src/lib/merchant_api_get_tips.c b/src/lib/merchant_api_get_tips.c
index 16a87fff..fd3dfdae 100644
--- a/src/lib/merchant_api_get_tips.c
+++ b/src/lib/merchant_api_get_tips.c
@@ -184,6 +184,11 @@ handle_get_tips_finished (void *cls,
       GNUNET_JSON_parse_free (spec);
       break;
     }
+  case MHD_HTTP_UNAUTHORIZED:
+    hr.ec = TALER_JSON_get_error_code (json);
+    hr.hint = TALER_JSON_get_error_hint (json);
+    /* Nothing really to verify, merchant says we need to authenticate. */
+    break;
   default:
     /* unexpected response code */
     hr.ec = TALER_JSON_get_error_code (json);
diff --git a/src/lib/merchant_api_get_transfers.c b/src/lib/merchant_api_get_transfers.c
index 0bfd9990..e31fb38f 100644
--- a/src/lib/merchant_api_get_transfers.c
+++ b/src/lib/merchant_api_get_transfers.c
@@ -143,14 +143,14 @@ handle_transfers_get_finished (void *cls,
             GNUNET_JSON_spec_uint64 ("transfer_serial_id",
                                      &td->credit_serial),
             GNUNET_JSON_spec_mark_optional (
-            TALER_JSON_spec_absolute_time ("execution_time",
-                                           &td->execution_time)),
+              TALER_JSON_spec_absolute_time ("execution_time",
+                                             &td->execution_time)),
             GNUNET_JSON_spec_mark_optional (
-            GNUNET_JSON_spec_bool ("verified",
-                                   &td->verified)),
+              GNUNET_JSON_spec_bool ("verified",
+                                     &td->verified)),
             GNUNET_JSON_spec_mark_optional (
-            GNUNET_JSON_spec_bool ("confirmed",
-                                   &td->confirmed)),
+              GNUNET_JSON_spec_bool ("confirmed",
+                                     &td->confirmed)),
             GNUNET_JSON_spec_end ()
           };
 
@@ -184,6 +184,11 @@ handle_transfers_get_finished (void *cls,
         return;
       }
     }
+  case MHD_HTTP_UNAUTHORIZED:
+    hr.ec = TALER_JSON_get_error_code (json);
+    hr.hint = TALER_JSON_get_error_hint (json);
+    /* Nothing really to verify, merchant says we need to authenticate. */
+    break;
   case MHD_HTTP_NOT_FOUND:
     /* Nothing really to verify, this should never
        happen, we should pass the JSON reply to the application */
diff --git a/src/lib/merchant_api_lock_product.c b/src/lib/merchant_api_lock_product.c
index 27f4f6e5..e9593fdb 100644
--- a/src/lib/merchant_api_lock_product.c
+++ b/src/lib/merchant_api_lock_product.c
@@ -102,6 +102,11 @@ handle_lock_product_finished (void *cls,
     break;
   case MHD_HTTP_NO_CONTENT:
     break;
+  case MHD_HTTP_UNAUTHORIZED:
+    hr.ec = TALER_JSON_get_error_code (json);
+    hr.hint = TALER_JSON_get_error_hint (json);
+    /* Nothing really to verify, merchant says we need to authenticate. */
+    break;
   case MHD_HTTP_BAD_REQUEST:
     hr.ec = TALER_JSON_get_error_code (json);
     hr.hint = TALER_JSON_get_error_hint (json);
diff --git a/src/lib/merchant_api_merchant_get_order.c b/src/lib/merchant_api_merchant_get_order.c
index 9504d16b..ac7da14f 100644
--- a/src/lib/merchant_api_merchant_get_order.c
+++ b/src/lib/merchant_api_merchant_get_order.c
@@ -375,6 +375,14 @@ handle_merchant_order_get_finished (void *cls,
   omgh->job = NULL;
   switch (response_code)
   {
+  case MHD_HTTP_OK:
+    /* see below */
+    break;
+  case MHD_HTTP_UNAUTHORIZED:
+    hr.ec = TALER_JSON_get_error_code (json);
+    hr.hint = TALER_JSON_get_error_hint (json);
+    /* Nothing really to verify, merchant says we need to authenticate. */
+    break;
   case MHD_HTTP_NOT_FOUND:
     hr.ec = TALER_JSON_get_error_code (json);
     hr.hint = TALER_JSON_get_error_hint (json);
@@ -383,9 +391,6 @@ handle_merchant_order_get_finished (void *cls,
               NULL);
     TALER_MERCHANT_merchant_order_get_cancel (omgh);
     return;
-  case MHD_HTTP_OK:
-    /* see below */
-    break;
   default:
     hr.ec = TALER_JSON_get_error_code (json);
     hr.hint = TALER_JSON_get_error_hint (json);
diff --git a/src/lib/merchant_api_merchant_get_tip.c b/src/lib/merchant_api_merchant_get_tip.c
index 4d4c66f7..aad72584 100644
--- a/src/lib/merchant_api_merchant_get_tip.c
+++ b/src/lib/merchant_api_merchant_get_tip.c
@@ -212,17 +212,22 @@ handle_merchant_tip_get_finished (void *cls,
       GNUNET_JSON_parse_free (spec);
       break;
     }
-  case MHD_HTTP_INTERNAL_SERVER_ERROR:
-    /* Server had an internal issue; we should retry, but this API
-       leaves this to the application */
+  case MHD_HTTP_UNAUTHORIZED:
     hr.ec = TALER_JSON_get_error_code (json);
     hr.hint = TALER_JSON_get_error_hint (json);
+    /* Nothing really to verify, merchant says we need to authenticate. */
     break;
   case MHD_HTTP_NOT_FOUND:
     /* legal, can happen if instance or tip reserve is unknown */
     hr.ec = TALER_JSON_get_error_code (json);
     hr.hint = TALER_JSON_get_error_hint (json);
     break;
+  case MHD_HTTP_INTERNAL_SERVER_ERROR:
+    /* Server had an internal issue; we should retry, but this API
+       leaves this to the application */
+    hr.ec = TALER_JSON_get_error_code (json);
+    hr.hint = TALER_JSON_get_error_hint (json);
+    break;
   default:
     /* unexpected response code */
     GNUNET_break_op (0);
diff --git a/src/lib/merchant_api_patch_instance.c b/src/lib/merchant_api_patch_instance.c
index 721f8dd1..536fbdcf 100644
--- a/src/lib/merchant_api_patch_instance.c
+++ b/src/lib/merchant_api_patch_instance.c
@@ -110,6 +110,11 @@ handle_patch_instance_finished (void *cls,
      * or the merchant is buggy (or API version conflict);
      * just pass JSON reply to the application */
     break;
+  case MHD_HTTP_UNAUTHORIZED:
+    hr.ec = TALER_JSON_get_error_code (json);
+    hr.hint = TALER_JSON_get_error_hint (json);
+    /* Nothing really to verify, merchant says we need to authenticate. */
+    break;
   case MHD_HTTP_FORBIDDEN:
     hr.ec = TALER_JSON_get_error_code (json);
     hr.hint = TALER_JSON_get_error_hint (json);
@@ -172,6 +177,19 @@ TALER_MERCHANT_instance_patch (
   json_t *jpayto_uris;
   json_t *req_obj;
 
+  if (NULL != auth_token)
+  {
+    if (0 != strncasecmp (RFC_8959_PREFIX,
+                          auth_token,
+                          strlen (RFC_8959_PREFIX)))
+    {
+      GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                  "Authentication token must start with `%s'\n",
+                  RFC_8959_PREFIX);
+      return NULL;
+    }
+    auth_token += strlen (RFC_8959_PREFIX);
+  }
   jpayto_uris = json_array ();
   if (NULL == jpayto_uris)
   {
diff --git a/src/lib/merchant_api_patch_order_forget.c b/src/lib/merchant_api_patch_order_forget.c
index b00361fc..ddb26062 100644
--- a/src/lib/merchant_api_patch_order_forget.c
+++ b/src/lib/merchant_api_patch_order_forget.c
@@ -1,6 +1,6 @@
 /*
   This file is part of TALER
-  Copyright (C) 2020 Taler Systems SA
+  Copyright (C) 2020, 2021 Taler Systems SA
 
   TALER is free software; you can redistribute it and/or modify
   it under the terms of the GNU Lesser General Public License as
@@ -106,6 +106,11 @@ handle_forget_finished (void *cls,
     hr.ec = TALER_JSON_get_error_code (json);
     hr.hint = TALER_JSON_get_error_hint (json);
     break;
+  case MHD_HTTP_UNAUTHORIZED:
+    hr.ec = TALER_JSON_get_error_code (json);
+    hr.hint = TALER_JSON_get_error_hint (json);
+    /* Nothing really to verify, merchant says we need to authenticate. */
+    break;
   case MHD_HTTP_NOT_FOUND:
     hr.ec = TALER_JSON_get_error_code (json);
     hr.hint = TALER_JSON_get_error_hint (json);
diff --git a/src/lib/merchant_api_patch_product.c b/src/lib/merchant_api_patch_product.c
index e7d22520..f5630fc3 100644
--- a/src/lib/merchant_api_patch_product.c
+++ b/src/lib/merchant_api_patch_product.c
@@ -110,6 +110,11 @@ handle_patch_product_finished (void *cls,
      * or the merchant is buggy (or API version conflict);
      * just pass JSON reply to the application */
     break;
+  case MHD_HTTP_UNAUTHORIZED:
+    hr.ec = TALER_JSON_get_error_code (json);
+    hr.hint = TALER_JSON_get_error_hint (json);
+    /* Nothing really to verify, merchant says we need to authenticate. */
+    break;
   case MHD_HTTP_FORBIDDEN:
     hr.ec = TALER_JSON_get_error_code (json);
     hr.hint = TALER_JSON_get_error_hint (json);
diff --git a/src/lib/merchant_api_post_instances.c b/src/lib/merchant_api_post_instances.c
index a21b9b55..a6452045 100644
--- a/src/lib/merchant_api_post_instances.c
+++ b/src/lib/merchant_api_post_instances.c
@@ -109,6 +109,11 @@ handle_post_instances_finished (void *cls,
      * or the merchant is buggy (or API version conflict);
      * just pass JSON reply to the application */
     break;
+  case MHD_HTTP_UNAUTHORIZED:
+    hr.ec = TALER_JSON_get_error_code (json);
+    hr.hint = TALER_JSON_get_error_hint (json);
+    /* Nothing really to verify, merchant says we need to authenticate. */
+    break;
   case MHD_HTTP_FORBIDDEN:
     hr.ec = TALER_JSON_get_error_code (json);
     hr.hint = TALER_JSON_get_error_hint (json);
@@ -174,6 +179,19 @@ TALER_MERCHANT_instances_post (
   json_t *jpayto_uris;
   json_t *req_obj;
 
+  if (NULL != auth_token)
+  {
+    if (0 != strncasecmp (RFC_8959_PREFIX,
+                          auth_token,
+                          strlen (RFC_8959_PREFIX)))
+    {
+      GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                  "Authentication token must start with `%s'\n",
+                  RFC_8959_PREFIX);
+      return NULL;
+    }
+    auth_token += strlen (RFC_8959_PREFIX);
+  }
   jpayto_uris = json_array ();
   if (NULL == jpayto_uris)
   {
diff --git a/src/lib/merchant_api_post_order_pay.c b/src/lib/merchant_api_post_order_pay.c
index 28e9f6ed..d6b081bd 100644
--- a/src/lib/merchant_api_post_order_pay.c
+++ b/src/lib/merchant_api_post_order_pay.c
@@ -387,6 +387,13 @@ handle_pay_finished (void *cls,
     /* Exchange couldn't respond properly; the retry is
        left to the application */
     break;
+  case MHD_HTTP_GATEWAY_TIMEOUT:
+    TALER_MERCHANT_parse_error_details_ (json,
+                                         response_code,
+                                         &hr);
+    /* Exchange couldn't respond in a timely fashion;
+       the retry is left to the application */
+    break;
   default:
     TALER_MERCHANT_parse_error_details_ (json,
                                          response_code,
diff --git a/src/lib/merchant_api_post_order_refund.c b/src/lib/merchant_api_post_order_refund.c
index 748fb8c1..80ad70d4 100644
--- a/src/lib/merchant_api_post_order_refund.c
+++ b/src/lib/merchant_api_post_order_refund.c
@@ -131,8 +131,13 @@ handle_refund_finished (void *cls,
       GNUNET_JSON_parse_free (spec);
     }
     break;
-  case MHD_HTTP_CONFLICT:
+  case MHD_HTTP_UNAUTHORIZED:
+    hr.ec = TALER_JSON_get_error_code (json);
+    hr.hint = TALER_JSON_get_error_hint (json);
+    /* Nothing really to verify, merchant says we need to authenticate. */
+    break;
   case MHD_HTTP_NOT_FOUND:
+  case MHD_HTTP_CONFLICT:
     hr.ec = TALER_JSON_get_error_code (json);
     hr.hint = TALER_JSON_get_error_hint (json);
     orh->cb (orh->cb_cls,
diff --git a/src/lib/merchant_api_post_orders.c b/src/lib/merchant_api_post_orders.c
index 56de86d1..44c44c9b 100644
--- a/src/lib/merchant_api_post_orders.c
+++ b/src/lib/merchant_api_post_orders.c
@@ -133,6 +133,11 @@ handle_post_order_finished (void *cls,
        the merchant is buggy (or API version conflict);
        just pass JSON reply to the application */
     break;
+  case MHD_HTTP_UNAUTHORIZED:
+    por.hr.ec = TALER_JSON_get_error_code (json);
+    por.hr.hint = TALER_JSON_get_error_hint (json);
+    /* Nothing really to verify, merchant says we need to authenticate. */
+    break;
   case MHD_HTTP_FORBIDDEN:
     /* Nothing really to verify, merchant says one
        of the signatures is invalid; as we checked them,
diff --git a/src/lib/merchant_api_post_products.c b/src/lib/merchant_api_post_products.c
index ed1d3899..7ed9755c 100644
--- a/src/lib/merchant_api_post_products.c
+++ b/src/lib/merchant_api_post_products.c
@@ -109,6 +109,11 @@ handle_post_products_finished (void *cls,
      * or the merchant is buggy (or API version conflict);
      * just pass JSON reply to the application */
     break;
+  case MHD_HTTP_UNAUTHORIZED:
+    hr.ec = TALER_JSON_get_error_code (json);
+    hr.hint = TALER_JSON_get_error_hint (json);
+    /* Nothing really to verify, merchant says we need to authenticate. */
+    break;
   case MHD_HTTP_FORBIDDEN:
     hr.ec = TALER_JSON_get_error_code (json);
     hr.hint = TALER_JSON_get_error_hint (json);
diff --git a/src/lib/merchant_api_post_reserves.c b/src/lib/merchant_api_post_reserves.c
index 149ecaeb..8a8dee2d 100644
--- a/src/lib/merchant_api_post_reserves.c
+++ b/src/lib/merchant_api_post_reserves.c
@@ -130,6 +130,11 @@ handle_post_reserves_finished (void *cls,
     }
   case MHD_HTTP_ACCEPTED:
     break;
+  case MHD_HTTP_UNAUTHORIZED:
+    hr.ec = TALER_JSON_get_error_code (json);
+    hr.hint = TALER_JSON_get_error_hint (json);
+    /* Nothing really to verify, merchant says we need to authenticate. */
+    break;
   case MHD_HTTP_NOT_FOUND:
     /* Nothing really to verify, this should never
        happen, we should pass the JSON reply to the application */
diff --git a/src/lib/merchant_api_post_transfers.c b/src/lib/merchant_api_post_transfers.c
index 14a44971..e78cb36d 100644
--- a/src/lib/merchant_api_post_transfers.c
+++ b/src/lib/merchant_api_post_transfers.c
@@ -190,6 +190,11 @@ handle_post_transfers_finished (void *cls,
     }
   case MHD_HTTP_ACCEPTED:
     break;
+  case MHD_HTTP_UNAUTHORIZED:
+    hr.ec = TALER_JSON_get_error_code (json);
+    hr.hint = TALER_JSON_get_error_hint (json);
+    /* Nothing really to verify, merchant says we need to authenticate. */
+    break;
   case MHD_HTTP_NOT_FOUND:
     /* Nothing really to verify, this should never
        happen, we should pass the JSON reply to the application */
diff --git a/src/lib/merchant_api_tip_authorize.c b/src/lib/merchant_api_tip_authorize.c
index 64aad420..d45f61a9 100644
--- a/src/lib/merchant_api_tip_authorize.c
+++ b/src/lib/merchant_api_tip_authorize.c
@@ -1,6 +1,6 @@
 /*
   This file is part of TALER
-  Copyright (C) 2014-2017, 2020 Taler Systems SA
+  Copyright (C) 2014-2017, 2020, 2021 Taler Systems SA
 
   TALER is free software; you can redistribute it and/or modify it under the
   terms of the GNU Lesser General Public License as published by the Free Software
@@ -161,6 +161,11 @@ handle_tip_authorize_finished (void *cls,
     hr.http_status = 0;
     hr.ec = TALER_EC_GENERIC_INVALID_RESPONSE;
     break;
+  case MHD_HTTP_UNAUTHORIZED:
+    hr.ec = TALER_JSON_get_error_code (json);
+    hr.hint = TALER_JSON_get_error_hint (json);
+    /* Nothing really to verify, merchant says we need to authenticate. */
+    break;
   case MHD_HTTP_NOT_FOUND:
     /* Well-defined status code, pass on to application! */
     hr.ec = TALER_JSON_get_error_code (json);