I met a professional situation where several teams from several companies were responsible for several pieces of software intended to work together: a client app implemented by a company A gets a token from an identity server administrated by a company B, and passes it to another client app implemented by a company C and deployed by a company D (I am not kidding, this was today).
The software developed by the company C (my company) uses flask-pyoidc, and this bunch of people struggled to debug the full flow. Is our problem due to a bug in software A? In software C? Due to a misconfiguration of the identity server? Due to a misconfiguration of the software C?
In the end we solved our problem (an issue with audience and token introspection endpoint authentication method) but we thought our life would have been easier if flask-pyoidc provided more debug logs.
The `token_decorator` method uses flask.abort to raise some 401 and 403 errors. I would love to be able to catch those errors and return a JSON message with details about the error causes (token missing, token expired, bad audience, bad scope).
I can think of several ways to achieve this, I am not sure which one is better:
- make flask-pyoidc raise custom exceptions instead of simple aborts (for example TokenExpiredException), and in the client app implement custom flask errorhandlers and provide the desired debug message
- make flask-pyoidc pass arguments to abort (for example flask.abort(403, error="The token has expired")), and in the client app implement a generic flask errorhandler that would put the error message in a json dict.
I suppose this would not leak security information, but if this is an issue maybe this whole thing could be an option.
What do you think?
> make flask-pyoidc pass arguments to abort (for example flask.abort(403, error="The token has expired")), in the client app implement a generic flask errorhandler that would put the error message in a json dict.
I agree.
> make flask-pyoidc raise custom exceptions instead of simple aborts (for example TokenExpiredException), in the client app implement custom flask errorhandlers and provide the desired debug message
flask.abort raises HTTPException and the auth decorators raise it on behalf of the view function; I don't think abort can be replaced with a custom exception. errorhandler can take care of abort messages.
flask-wtforms does raise custom CSRFError exceptions inheriting from HTTPException, which can be caught with @app.errorhandler(CSRFError) for instance. But in the end this is mostly a design choice, and both options would be fine with me.
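Both designs discussed in this thread side by side, as an added example that is not flask-pyoidc's code: a `token_required` decorator (a stand-in for the library's `token_decorator`) that uses `abort(code, description=...)` for most failures and a custom `HTTPException` subclass for the expired case, plus one generic `errorhandler(HTTPException)` that turns either into a JSON body. The `FAKE_TOKENS` table replaces real token introspection and is constructed for this example; `description` is the keyword `abort` and `HTTPException` actually accept.

```python
from functools import wraps
from flask import Flask, abort, jsonify, request
from werkzeug.exceptions import HTTPException, Unauthorized

app = Flask(__name__)
EXPECTED_AUD = "api"
REQUIRED_SCOPE = "read"

# Constructed stand-in for introspection results, keyed by bearer token value.
FAKE_TOKENS = {
    "good": {"active": True, "aud": "api", "scope": "read"},
    "expired": {"active": False},
    "wrong-aud": {"active": True, "aud": "other", "scope": "read"},
    "no-scope": {"active": True, "aud": "api", "scope": "write"},
}

class TokenExpired(Unauthorized):
    """Option 1: a custom exception that is still an HTTPException (like CSRFError)."""
    description = "The token has expired"

def token_required(view):
    @wraps(view)
    def wrapper(*args, **kwargs):
        auth = request.headers.get("Authorization", "")
        if not auth.startswith("Bearer "):
            abort(401, description="Missing bearer token")  # Option 2: abort + description
        claims = FAKE_TOKENS.get(auth[len("Bearer "):])
        if claims is None:
            abort(401, description="Unknown token")
        if not claims["active"]:
            raise TokenExpired()
        if claims["aud"] != EXPECTED_AUD:
            abort(403, description="Bad audience")
        if REQUIRED_SCOPE not in claims["scope"].split():
            abort(403, description="Missing scope")
        return view(*args, **kwargs)
    return wrapper

@app.errorhandler(HTTPException)
def http_error_to_json(exc):
    # One generic handler covers both abort(...) and custom HTTPException subclasses.
    # If the reason is considered sensitive, log exc.description here and return only exc.name.
    return jsonify(error=exc.name, code=exc.code, reason=exc.description), exc.code

@app.route("/protected")
@token_required
def protected():
    return jsonify(ok=True)

def call(token=None):
    """Exercise the protected view; returns (status_code, json_body)."""
    headers = {"Authorization": f"Bearer {token}"} if token else {}
    resp = app.test_client().get("/protected", headers=headers)
    return resp.status_code, resp.get_json()
```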