refact: return detailed error messages for WebApi integration #105

Closed

omsmith
Contributor

@omsmith omsmith commented Dec 4, 2018

Closes: #40

error: exception.Error.ToString(),
errorDescription: exception.ErrorDescription
);
string authenticateHeader = $"Bearer error=\"{ responseContent.Error }\", error_description=\"{ responseContent.ErrorDescription }\"";
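
Review bot: The `authenticateHeader` line interpolates `responseContent.Error` and `responseContent.ErrorDescription` directly into quoted-string parameters with no escaping or validation. The description is taken from `exception.ErrorDescription`, so a `"`, a `\` or a CR/LF in that text would produce a malformed `WWW-Authenticate` value or let the header be split. RFC 6750 section 3 limits both values to the set %x20-21 / %x23-5B / %x5D-7E, so validate or strip against that set before building the string, and consider restricting the description to fixed messages.
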
Contributor Author

This is sketch

@@ -57,5 +94,12 @@ public abstract class OAuth2AuthorizeAttribute : AuthorizeAttribute {

protected abstract bool IsAuthorizedInternal( HttpActionContext actionContext );

private static void HandleNoAuth( HttpActionContext actionContext ) {
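
Review bot: `HandleNoAuth` has no comment saying which case reaches it as opposed to the detailed-error path this PR adds; please document that on the method. For a request that carries no authentication information at all, RFC 6750 section 3.1 says the challenge should not include an error code or other error information, so this path should return a bare `WWW-Authenticate: Bearer` challenge and not reuse the `error`/`error_description` header.
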
Contributor Author

TODO: verify this occurs and it's not just a different code path doing No-Auth 401s

@@ -24,7 +24,7 @@ await TestUtilities.RunBasicAuthTest( "/authorization/unspecifiedprincipaltype",


[Test]
public async Task Basic_NoAuthentication_403() {
public async Task Basic_NoAuthentication_401() {
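
Review bot: Renaming `Basic_NoAuthentication_403` to `Basic_NoAuthentication_401` records a client-visible status change for unauthenticated requests that the PR description ("Closes: #40") does not mention. Check that the expected status passed to `RunBasicAuthTest` in the test body changes along with the name, and call out the 403 to 401 change in the release notes, since callers may branch on the status code.
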
Contributor Author

~unrelated

await TestUtilities
.RunBasicAuthTest( "/authorization/imp", jwt, HttpStatusCode.Forbidden )
var response = await TestUtilities
.RunBasicAuthTest<OAuth2ErrorResponse>( "/authorization/imp", jwt, HttpStatusCode.Unauthorized )
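
Review bot: The `/authorization/imp` test now captures `response` as an `OAuth2ErrorResponse`, but the visible lines only pin `HttpStatusCode.Unauthorized`. Assert on the error value in `response` as well, so the test fixes the pairing of 401 with one specific error code and a later change cannot return 401 with the wrong error. If this case is a valid token that lacks a permission, note that RFC 6750 pairs `insufficient_scope` with 403, so moving it from `Forbidden` to `Unauthorized` deserves a sentence of justification in the test or the PR description.
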
Contributor Author

I changed these cause of the RFC suggestion, and I didn't think it super terribly mattered.

invalid_token
         The access token provided is expired, revoked, malformed, or
         invalid for other reasons.  The resource SHOULD respond with
         the HTTP 401 (Unauthorized) status code.  The client MAY
         request a new access token and retry the protected resource
         request.

@omsmith omsmith changed the base branch from master to omsmith/keep May 15, 2019 14:02
@j3parker
Member

We're going to deprecate the WebAPI library because it is incompatible with ASP.NET Core.

@j3parker j3parker closed this Apr 27, 2021