GetClient() failure always causes invalid_client error, should support internal server error too
Closed this issue · 2 comments
nerocrux commented
Describe the bug
- When I implement GetClient(), I will return Internal Error for DB failure, etc... But I found out that fosite does not check what error Store.GetClient() returns, and always throws Invalid Client error.
- https://github.com/ory/fosite/blob/master/authorize_request_handler.go#L231
To Reproduce
- Intentionally returns Internal Server Error from Store
Expected behavior
- Store.GetClient() should check the error returned to it
- If it is Internal Server Error, fosite should return
server_error
, otherwise, returninvalid_client
error.
Screenshots
- none
Version:
- all versions and environments
Additional context
nerocrux commented
nerocrux commented
Since change error code may cause broken change, users can just set error message using WithDebug()
to let handler know what kind of error happened (bad request or internal server error).
https://github.com/ory/fosite/blob/master/client_authentication.go#L185
But in AuthorizeRequestHandler and IntrospectionRequestHandler, users can not set error message because WithDebug()
are not implemented.
https://github.com/ory/fosite/blob/master/authorize_request_handler.go#L231
Is it possible to allow it?
I'll open a PR to show what I want to do.