auth: clear cookie and redirect on error

ajmyyra / ambassador-auth-oidc

OpenID Connect AuthService for Ambassador API Gateway

MIT License

88 stars 35 forks source link

auth: clear cookie and redirect on error #15

Closed yanniszark closed 5 years ago

yanniszark commented 5 years ago

This commit changes the behaviour of the OIDC Authservice, when an error is encountered when processing the JWT. An error may come up because:

The JWT may be expired.
The JWT may be invalid.

When an error is encountered now, an HTTP error code is returned along with a message. This behaviour is changed so that the cookie is cleared and the user is redirected when there is an error with the JWT.

Fixes: #13

Signed-off-by: Yannis Zarkadas yanniszark@arrikto.com

ajmyyra commented 5 years ago

Hi,

Thank you for this! I admit that redirect is a much better way to handle this.