
Possibility to return a 5XX response code from the authc&authz phases. #260

joelsdc opened this issue Jun 28, 2019 · 1 comment



commented Jun 28, 2019

Is your feature request related to a problem? Please describe.

We use custom generic authentication and have configured our Authc and Authz providers.

Part of the authc/authz process requires validating information with subsequent services. If any of the required subservices are down, we can't return a 5XX code.

Describe the solution you would like

Possibility to return a 5XX response code from the authc&authz phases.

Describe alternatives you have considered

Not rely on aah authc/authz and implement such functionality at the controller level (we don't like the path...)

Additional context

We have seen that for Authc we can return the following errors:

  • ErrAuthenticatorIsNil
  • ErrPrincipalIsNil
  • ErrAuthenticationFailed
  • ErrSubjectNotExists

Maybe add an ErrInternalServerError and ErrServiceUnavailable that, when returned, will instruct aah to reply with a 500/503 accordingly.

For Authz I'm not sure how it could be implemented, but the same applies. We do requests to subsequent services that will let us know if authorization is granted or not; if they fail, we would like to return 500 or 503.

The end goal is for our customers to be able to differentiate if there is an authc (401)/authz (403) problem vs. an underlying problem (500/503) where the authc/authz could be OK, just that the request was not completed successfully.




commented Jun 29, 2019

@joelsdc Thanks for initiating an enhancement to the auth{c,z} module. The best option is to add new errors as you suggested and handle those errors appropriately within the security module.

I saw your PR #257 for authentication token with custom values; I guess you could add this enhancement to the same PR, if it's okay with you.

Thank you for the PR 😄
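
The error-to-status mapping discussed in this thread, sketched as an added example (not code from aah or from either participant). The sentinel errors are defined locally for illustration, `ErrAuthorizationDenied` and the `authenticate` helper are hypothetical, and the backend outage is simulated with a boolean.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
)

// Local stand-ins, not aah's definitions; ErrAuthorizationDenied is hypothetical.
var (
	ErrAuthenticationFailed = errors.New("authentication failed")
	ErrAuthorizationDenied  = errors.New("authorization denied")
	ErrInternalServerError  = errors.New("internal server error")
	ErrServiceUnavailable   = errors.New("service unavailable")
)

// statusFor maps an auth-phase result to an HTTP status. Unrecognised errors
// fail closed as 500: never 200, and never a 401/403 that blames the caller.
func statusFor(err error) int {
	switch {
	case err == nil:
		return http.StatusOK
	case errors.Is(err, ErrServiceUnavailable):
		return http.StatusServiceUnavailable
	case errors.Is(err, ErrAuthenticationFailed):
		return http.StatusUnauthorized
	case errors.Is(err, ErrAuthorizationDenied):
		return http.StatusForbidden
	default:
		return http.StatusInternalServerError
	}
}

// authenticate simulates an authc provider that calls a backend service.
// backendUp and validToken are constructed inputs for the example.
func authenticate(backendUp, validToken bool) error {
	if !backendUp {
		// Wrap to keep the cause for logs; errors.Is still matches.
		return fmt.Errorf("token introspection: %w", ErrServiceUnavailable)
	}
	if !validToken {
		return ErrAuthenticationFailed
	}
	return nil
}

func main() {
	fmt.Println(statusFor(authenticate(false, false)), statusFor(authenticate(true, false)))
}
```

The dependency check runs before the credential verdict, so an outage yields 503 even for a token that would have been rejected, and no failure path ever results in access being granted.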
