New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Expose query in spite of errors #295
Comments
Yes, you are right we should. Looking at https://hapijs.com/api#serverauthschemename-scheme it seems like we should be able to return the credentials object anyways when we hit an error rather than creating a new request.auth key which is more owned by Hapi than us. Remember that the presence of the credentials object does not mean that The docs are a bit unclear, but looks like it should be possible. That's a great request. If you can implement it then we'll make sure it gets properly reviewed in time. I know I am currently behind on quite a few PRs! |
Definitely. Although, this could be considered semver major depending on how you look at it. Maybe not because...
You are absolutely right. The docs are clear that
Is that happening? I looked through the code a bit and couldn't find anything like that. But I may be missing something amidst all of the machinery. Not even sure how I would set anything on |
Sounds like we're saying close to the same thing. But I want to be sure
I am proposing that we can implement the return of I think it would be a semver minor change, but Bell has lots of instances where it needs to raise the major so I can make proper release notes spelling out that point very clearly that request.auth.credentials presence does not mean something is authenticated. Though I have to say, we may have made a mistake returning the query in credentials rather than artifacts. It seems like we mixed up the concepts but it's probably not important enough for a real breaking change here. |
Yeah, that's fine too. I care more about being able to access it than where exactly it lives. Though it does feel strange to refer to it as a credential. And I support putting it on |
This thread has been automatically locked due to inactivity. Please open a new issue for related bugs or questions following the new issue template instructions. |
The query feature is awesome as it allows me to return the user to where they came from after logging in.
However, because
bell
attaches it it torequest.auth.credentials
, andcredentials
are only available if there are no errors frombell
, the end result is that I cannot help them go back if authentication fails for any reason.Here is an example flow that would be a great user experience:
GET /login?next=%2Fmy-page
302 Found (Location: /my-page)
And if there is an error during step 2, the
Location
header would have something like?auth_error=msg
appended to it so that/my-page
could render a nice pretty error for the user while allowing them to resume whatever they were doing.Currently, the non-error case is easily achievable. But in the case where there is an error, my auth route has no knowledge of
/my-page
and so has nothing to redirect to or append to.By always exposing the
query
object, we can achieve the above flow even in the error case and provide a much better user experience.The text was updated successfully, but these errors were encountered: