Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

IAM: Implement correct OAuth2 error handling #2515

Merged
merged 7 commits into from
Oct 2, 2023
Merged

IAM: Implement correct OAuth2 error handling #2515

merged 7 commits into from
Oct 2, 2023

Conversation

reinkrul
Copy link
Member

This PR introduces an OAuth2 error handler that:

  • Redirects the browser back to the provided redirect_uri (with error and error_description parameters)
  • If there's no redirect_uri, it either prints the error as plain text (for a browser) or JSON (for an API client)

It also fixes HTTP request logging status codes for the IAM API package.

woutslakhorst
woutslakhorst requested changes Sep 27, 2023
View reviewed changes
auth/api/iam/api.go Outdated Show resolved Hide resolved
auth/api/iam/api.go Outdated Show resolved Hide resolved
auth/api/iam/error.go
redirectURI, _ := url.Parse(oauthErr.RedirectURI)
if oauthErr.RedirectURI == "" || redirectURI == nil {
// Can't redirect the user-agent back, render error as JSON or plain text (depending on content-type)
contentType := echoContext.Request().Header.Get("Content-Type")
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Content-Type or Accept header?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

At first, I had both. But that introduced unused code paths (Accept header being application/json), which adds complexity and no value. So given the assumption that a browser will never send application/json as content-type (maybe with a form post with enctype set to that value, but that would be very, very weird?), and API clients will use JSON, I just settles on Content-Type = application/json for now.

When proven otherwise in future, we can easily adapt this.

auth/api/iam/error.go Show resolved Hide resolved
auth/api/iam/api.go Outdated Show resolved Hide resolved
@reinkrul
Copy link
Member Author

Force-pushed after fixing conflicts a bit too early

@reinkrul
Copy link
Member Author

Suggestion applied.

@reinkrul reinkrul merged commit 7ab8356 into master Oct 2, 2023
6 checks passed
@reinkrul reinkrul deleted the iam-oauth2-errors branch October 2, 2023 10:24
@reinkrul reinkrul restored the iam-oauth2-errors branch October 2, 2023 10:24
@reinkrul reinkrul deleted the iam-oauth2-errors branch October 2, 2023 10:24
reinkrul added a commit that referenced this pull request Oct 4, 2023
@reinkrul
IAM: Implement correct OAuth2 error handling (#2515)
f8924ee
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@woutslakhorst woutslakhorst woutslakhorst approved these changes

@gerardsn gerardsn Awaiting requested review from gerardsn gerardsn is a code owner

@stevenvegt stevenvegt Awaiting requested review from stevenvegt stevenvegt is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@reinkrul @woutslakhorst