ueberauth / guardian

Elixir Authentication
MIT License

Opaque errors when token verification fails #711

Closed rawnsley closed 1 day ago

rawnsley commented 1 year ago

Problem Statement

Caveat: I am new to both Guardian and Elixir

While trying to get the decode_and_verify function working, I was thwarted by obscure error messages. In the end my problem was fixed by being explicit about the allowed algorithms, but the error returned by this function was always CaseClauseError{term: {:error, :badarg}}}

I think this is because the root error is returned by decode_token, then returning_tuple maps it to { :error, _ } (already stripping out any useful info), and then the calling function has no matching case clause anyway so it throws a generic CaseClauseError.

This exception is caught in decode_and_verify and an error message is returned, but there is no chance of debugging where the failure originally occurred.

I'm not sure what the right behaviour should be in this case or what is canonical Elixir, but as it stands I ended up having to reproduce the call chain line-by-line in my client code until I found the problem, which isn't ideal.

Solution Brainstorm

No response
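
The failure chain described in this report, as an added example that is not part of the thread and is not Guardian's code. The module `OpaqueErrorDemo`, its `verify_opaque/1` and `verify_traceable/1` functions, and the stand-in `decode_token/1` are hypothetical; the sketch shows how an unmatched error tuple surfaces as a `CaseClauseError`, and one way to keep the failing step and reason in the result and in the server-side log.

```elixir
defmodule OpaqueErrorDemo do
  require Logger

  # Hypothetical stand-in for a low-level decoder that fails with a bare
  # reason, such as the :badarg seen in the report.
  def decode_token("good"), do: {:ok, %{"sub" => "user:1"}}
  def decode_token(_other), do: {:error, :badarg}

  # Pattern from the report: the case has no clause for {:error, _}, so a
  # decode failure raises CaseClauseError and the rescue returns only that
  # exception, with nothing saying which step produced it.
  def verify_opaque(token) do
    case decode_token(token) do
      {:ok, claims} -> {:ok, claims}
    end
  rescue
    e -> {:error, e}
  end

  # Variant that keeps the root cause: match the error tuple explicitly,
  # tag it with the step that failed, and log the reason. The token itself
  # is never logged, since it is a bearer credential.
  def verify_traceable(token) do
    case decode_token(token) do
      {:ok, claims} ->
        {:ok, claims}

      {:error, reason} ->
        Logger.debug("decode_token failed: #{inspect(reason)}")
        {:error, {:decode_token, reason}}
    end
  rescue
    e ->
      # Unexpected exceptions keep their stacktrace in the log.
      Logger.debug(Exception.format(:error, e, __STACKTRACE__))
      {:error, {:exception, e}}
  end
end

# Constructed input: any string other than "good" takes the failure path.
IO.inspect(OpaqueErrorDemo.verify_opaque("bad"), label: "opaque")
IO.inspect(OpaqueErrorDemo.verify_traceable("bad"), label: "traceable")
```

The detailed reason belongs in logs and in the value returned to the calling code; what is sent back to an unauthenticated client can stay generic.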

f-francine commented 1 year ago

Hello, @rawnsley! Perhaps a log message, with the original errors, would be helpful. At least it would make it easier to debug the problem.

rawnsley commented 1 year ago

@f-francine A log message would be great - thank you.

yordis commented 1 year ago

@f-francine thank you so much for the help.


@rawnsley do you mind filling out the "Solution Brainstorm"? I am not sure what you are asking us to do or what you would propose.

Or even much better, since you already know how to replicate the issue and whatnot, create a PR with the proposed solution. I am here to help you with it as much as I can.

github-actions[bot] commented 2 weeks ago

This issue has been automatically marked as "stale:discard". If this issue is still relevant, please leave any comment (for example, "bump"), and we'll keep it open. We are sorry that we haven't been able to prioritize it yet. If you have any new additional information, please include it with your comment.

github-actions[bot] commented 1 day ago

Closing this issue after a prolonged period of inactivity. If this issue is still relevant, feel free to re-open the issue. Thank you!