feat: error_hint and error_debug are now exposed through error_description#460
feat: error_hint and error_debug are now exposed through error_description#460aeneasr merged 14 commits intoory:masterfrom
Conversation
|
Closing and reopening to trigger tests to run. |
There was a problem hiding this comment.
Great work! I think this will appear in a couple of other places as well (introspection?). I also had the idea that we could improve all of this a bit more by making RFCError a JSONUnmarshaller and add a method AsQueryString() string which would do the modifications instead of handling this. The only problem would be that f.SendDebugMessagesToClients would need to be passed to these functions somehow.
|
Once again, sorry for the late review! By the way, if you allow edits from maintainers I should be able to synch the branches and make the nancy failure go away :) |
It should already be on. |
|
Yes, my bad, I had to change something in the repository settings! |
|
About And then leave to |
|
Or maybe we make |
|
Hm yeah in that case it probably makes sense to just keep it as is! |
|
Just to double-check, this would now be good for merge right? |
|
No, I have not yet updated it based on your comments. My plan is:
|
|
Ok sounds good :) |
|
|
||
| func (f *Fosite) IntrospectToken(ctx context.Context, token string, tokenType TokenType, session Session, scopes ...string) (TokenType, AccessRequester, error) { | ||
| var found bool = false | ||
| var found = false |
There was a problem hiding this comment.
This is not necessary.
| } else if err.Error() == ErrUnknownRequest.Error() || errors.Cause(err).Error() == ErrUnknownRequest.Error() { | ||
| // Nothing to do | ||
| } else if err != nil { | ||
| } else { |
There was a problem hiding this comment.
This condition was unnecessary and always true.
| for _, validator := range f.TokenIntrospectionHandlers { | ||
| tt, err := validator.IntrospectToken(ctx, token, tokenType, ar, scopes) | ||
| if err := errors.Cause(err); err == nil { | ||
| if err == nil { |
There was a problem hiding this comment.
I simplified the logic here a bit. ErrorToRFC6749Error uses Cause internally as well, so I think this now is clearer and easier to read.
|
@aeneasr I finished things from my side. Please review again. When merging, please squash commits. (Or do you want me to squash them?) |
|
All good, I'll squash them :) |
|
Please see my comments above and tell me your final decisions so that I know what to do. |
aeneasr
left a comment
There was a problem hiding this comment.
Thank you, almost there :) Still on vacation until September 23rd so response times might be a bit longer!
|
I updated the PR. Enjoy vacations, no hurry with this one. |
|
I would suggest we simply make |
|
Also, how people feel about removing |
|
@mitar
I agree with you.
I'm a user of fosite (not hydra) so my opinion's maybe not complete but I'm totally OK with removing error_hint and error_debug (merging them into error_description). |
|
Came here to ask about the same thing - |
|
Those fields will be eventually deprecated. In the meanwhile, simply ignore them! |
|
We can definitely ask the client to ignore them; the main reason I was asking is to confirm that our auth service is not leaking any info that it shouldn't and is up to spec with the RFC. When we run |
|
Yes, those are fine. There is no extra information provided with these new fields, just merging them into |
|
Thanks. I'm OK with this. But please allow me to confirm:
Thank you. |
|
Yes, these will be deprecated in the upcoming release! |
|
For anyone following this thread - I had to introduce some changes to this original PR. You can find the changeset here: e463674 |
Related issue
Fixes #456.
Proposed changes
When
error_descriptionis send out, it includes nowerror_hint(if present) anderror_debug(if present and enabled to be send). Becauseerror_descriptionis standard this allows easier access to that information.error_hintanderror_debugfields are left as-is for backwards compatibility purposes.error_verboseis added to provide only the old error description.Checklist
vulnerability. If this pull request addresses a security vulnerability, I
confirm that I got green light (please contact
security@ory.sh) from the maintainers to push
the changes.