go-aah / aah

A secure, flexible, rapid Go web framework
https://aahframework.org
MIT License

Possibility to return a 5XX response code from the authc&authz phases. #260

Closed joelsdc closed 4 years ago

joelsdc commented 5 years ago

Is your feature request related to a problem? Please describe.

We use custom generic authentication and have configured our Authc and Authz providers.

Part of the authc/authz process requires validating information with subsequent services. If any of the required subservices are down, we can't return a 5XX code.

Describe the solution you would like

Possibility to return a 5XX response code from the authc&authz phases.

Describe alternatives you have considered

Not rely on aah authc/authz and implement such functionality at the controller level (we don't like the path...)

Additional context

We have seen that for Authc we can return the following errors:

Maybe add an ErrInternalServerError and ErrServiceUnavailable that when returned will instruct aah to reply with a 500/503 accordingly.

For Authz I'm not sure how it could be implemented, but the same applies. We do requests to subsequent services that will let us know if authorization is granted or not, if they fail, we would like to return 500 or 503.

The end goal is for our customers to be able to differentiate if there is an authc(401)/authz(403) problem vs an underlying problem (500/503) but the authc/authz could be OK, just that the request was not completed successfully.

Thanks!

jeevatkm commented 5 years ago

@joelsdc Thanks for initiating an enhancement to the auth{c,z} module. The best option is to add new errors as you suggested and handle that error appropriately within the security module.

I saw your PR #257 for authentication token with custom values; I guess you could add this enhancement to the same PR, if it's okay with you.

Thank you for the PR 😄

jeevatkm commented 4 years ago

Addressed by PR #257
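The behaviour requested in this issue, sketched with plain `net/http` as an added example; it is not aah's code and not taken from PR #257. `ErrInternalServerError` and `ErrServiceUnavailable` are the names proposed in the issue; `ErrAuthenticationFailed`, `ErrAuthorizationDenied`, `statusFor`, `Guard` and `probe` are hypothetical names. Every error path denies the request, and an error the mapping does not recognise becomes a 500 rather than being treated as a credential failure or as success.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Hypothetical sentinels a provider returns; not aah's API. The last two use the names proposed in the issue.
var (
	ErrAuthenticationFailed = errors.New("authentication failed")
	ErrAuthorizationDenied  = errors.New("authorization denied")
	ErrInternalServerError  = errors.New("internal server error")
	ErrServiceUnavailable   = errors.New("service unavailable")
)

// statusFor maps an auth-phase error to a status; errors.Is also matches wrapped sentinels.
func statusFor(err error) int {
	switch {
	case errors.Is(err, ErrAuthenticationFailed):
		return http.StatusUnauthorized
	case errors.Is(err, ErrAuthorizationDenied):
		return http.StatusForbidden
	case errors.Is(err, ErrServiceUnavailable):
		return http.StatusServiceUnavailable
	}
	return http.StatusInternalServerError // ErrInternalServerError and anything unrecognised
}

// Guard runs check before next; any error denies the request with a generic body (fail closed).
func Guard(check func(*http.Request) error, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if err := check(r); err != nil {
			http.Error(w, http.StatusText(statusFor(err)), statusFor(err))
			return
		}
		next.ServeHTTP(w, r)
	})
}

// probe returns the status a client sees when the check yields err (nil means allowed).
func probe(err error) int {
	rec := httptest.NewRecorder()
	next := http.HandlerFunc(func(http.ResponseWriter, *http.Request) {}) // implicit 200
	Guard(func(*http.Request) error { return err }, next).ServeHTTP(rec, httptest.NewRequest("GET", "/", nil))
	return rec.Code
}

func main() { fmt.Println(probe(ErrAuthenticationFailed), probe(fmt.Errorf("introspection: %w", ErrServiceUnavailable))) }
```

Because the response body is only the standard status text, the cause of a backend failure stays in server-side logs and is not disclosed to the caller.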