When the database cannot be connected, /oauth2/token returns a 401 status code instead of 500

Question

When the database cannot be connected, /oauth2/token returns a 401 status code instead of 500

Opened this issue 7 months ago · 1 comments

Class-public commented 7 months ago

Preflight checklist

I could not find a solution in the existing issues, docs, nor discussions.
I agree to follow this project's Code of Conduct.
I have read and am following this repository's Contribution Guidelines.
I have joined the Ory Community Slack.
I am signed up to the Ory Security Patch Newsletter.

Ory Network Project

No response

Describe the bug

When the database cannot be connected, /oauth2/token returns a 401 status code instead of 500

Reproducing the bug

1、Create a OAuht2 Client with Client Credentail Mode
2、Restart the database and immediately request an access token
3、Then you can reproduce the bug

Relevant log output

No response

Relevant configuration

No response

Version

v2.1.2

On which operating system are you observing this issue?

Linux

In which environment are you deploying?

Kubernetes with Helm

Additional Context

No response

Answer 1 · 2023-11-24T08:11:32.000Z

I found that this encapsulates the error information. This is
Any special reason?

func (f *Fosite) DefaultClientAuthenticationStrategy(ctx context.Context, r *http.Request, form url.Values) (Client, error) {
        ...
	client, err := f.Store.GetClient(ctx, clientID)
	if err != nil {
		return nil, errorsx.WithStack(ErrInvalidClient.WithWrap(err).WithDebug(err.Error()))
	}
        ...
}

fosite/errors.go

	ErrInvalidClient = &RFC6749Error{
		ErrorField:       errInvalidClientName,
		DescriptionField: "Client authentication failed (e.g., unknown client, no client authentication included, or unsupported authentication method).",
		CodeField:        http.StatusUnauthorized,
	}