Closed joelsdc closed 4 years ago
@joelsdc Thanks for initiating an enhancement to the auth{c,z} module. The best option is to add new errors as you suggested and handle that error appropriately within the security module.
I saw your PR #257 for authentication token with custom values; I guess you could add this enhancement into the same PR, if it's okay with you.
Thank you for the PR 😄
Addressed by PR #257
Is your feature request related to a problem? Please describe.
We use custom generic authentication and have configured our Authc and Authz providers.
Part of the authc/authz process requires validating information with subsequent services. If any of the required subservices are down, we can't return a 5XX code.
Describe the solution you would like
Possibility to return a 5XX response code from the authc&authz phases.
Describe alternatives you have considered
Not rely on aah authc/authz and implement such functionality at the controller level (we don't like the path...)
Additional context
We have seen that for Authc we can return the following errors:
ErrAuthenticatorIsNil
ErrPrincipalIsNil
ErrAuthenticationFailed
ErrSubjectNotExists
Maybe add an ErrInternalServerError and ErrServiceUnavailable that, when returned, will instruct aah to reply with a 500/503 accordingly.
For Authz I'm not sure how it could be implemented, but the same applies. We do requests to subsequent services that will let us know if authorization is granted or not; if they fail, we would like to return 500 or 503.
The end goal is for our customers to be able to differentiate if there is an authc (401)/authz (403) problem vs. an underlying problem (500/503) where the authc/authz could be OK, just that the request was not completed successfully.
Thanks!
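The distinction requested above, as an added sketch in plain Go (not aah code and not taken from PR #257): a credential rejection maps to 401/403, while a failing downstream dependency maps to 500/503 and never to success. The sentinel errors are redefined locally, and `ErrAuthorizationDenied`, `StatusFor`, `Authenticate` and the `lookup` callback are assumed names for illustration.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"net/http"
)

// Local sentinels for this sketch (assumed names, not aah's own definitions).
var (
	ErrAuthenticationFailed = errors.New("authentication failed")
	ErrAuthorizationDenied  = errors.New("authorization denied")
	ErrInternalServerError  = errors.New("internal server error")
	ErrServiceUnavailable   = errors.New("service unavailable")
)

// StatusFor maps an authc/authz outcome to the HTTP status sent to the client.
func StatusFor(err error) int {
	switch {
	case err == nil:
		return http.StatusOK
	case errors.Is(err, ErrAuthenticationFailed):
		return http.StatusUnauthorized
	case errors.Is(err, ErrAuthorizationDenied):
		return http.StatusForbidden
	case errors.Is(err, ErrServiceUnavailable):
		return http.StatusServiceUnavailable
	}
	return http.StatusInternalServerError // unknown errors fail closed as 500
}

// Authenticate asks a downstream service (hypothetical lookup) about a token.
func Authenticate(ctx context.Context, token string, lookup func(context.Context, string) (bool, error)) error {
	ok, err := lookup(ctx, token)
	switch {
	case errors.Is(err, context.DeadlineExceeded): // dependency timed out
		return fmt.Errorf("%w: %v", ErrServiceUnavailable, err)
	case err != nil: // dependency answered with a failure
		return fmt.Errorf("%w: %v", ErrInternalServerError, err)
	case !ok: // dependency is healthy and rejected the token
		return ErrAuthenticationFailed
	}
	return nil
}
func main() {
	down := func(context.Context, string) (bool, error) { return false, context.DeadlineExceeded }
	fmt.Println(StatusFor(Authenticate(context.Background(), "constructed-token", down)))
}
```

Wrapping with `%w` keeps the downstream cause available for server-side logging while the client only sees the status code.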