oAuth2 error message are cryptic #741

Open
XVincentX opened this issue May 28, 2018 · 1 comment

@XVincentX
Member

XVincentX commented May 28, 2018

When something goes wrong with oAuth2, we return a 401 with a simple Unauthorized message.

This is probably good for a production environment; however, in development mode we should return a more meaningful error message to help the developer understand what's going on.

They can then be disabled when it runs in production mode.

Ideas:

  1. Increase the logging when things go wrong
  2. Return a detailed error message in the response when something goes on and NODE_ENV is not on production.

Related to #701

@XVincentX XVincentX changed the title oAuth2 error message are crypic oAuth2 error message are cryptic May 28, 2018
@XVincentX XVincentX self-assigned this Jun 11, 2018
@9horses

9horses commented Apr 1, 2019

Just a quick note that even in production, returning additional information for 401s would be useful.
Returning something in WWW-Authenticate header would be as per the standard as dictated here: https://tools.ietf.org/html/rfc6750#section-3
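
A sketch of the two ideas in this thread combined, added here as an example and not code from the project or from either commenter: the RFC 6750 section 3 error code always goes into `WWW-Authenticate`, while the free-text reason is only included outside production. The names `bearerChallenge`, `clean`, the `verbose` option and the `api` realm are hypothetical.

```javascript
// RFC 6750 section 3.1 error codes and the HTTP status each one maps to.
const STATUS = { invalid_request: 400, invalid_token: 401, insufficient_scope: 403 };

// RFC 6750 limits attribute values to %x20-21 / %x23-5B / %x5D-7E,
// so drop quotes, backslashes, control and non-ASCII characters.
function clean(value) {
  return String(value).replace(/[^\x20-\x21\x23-\x5B\x5D-\x7E]/g, '');
}

// failure: { code, description, scope }, or null when the request carried no
// credentials at all. options.verbose is a hypothetical development-mode switch.
function bearerChallenge(failure, options = {}) {
  const realm = clean(options.realm || 'api'); // 'api' is a placeholder realm
  const params = [`realm="${realm}"`];
  // No credentials presented: the RFC says not to include an error code.
  if (!failure) return { status: 401, header: `Bearer ${params.join(', ')}` };

  if (!Object.prototype.hasOwnProperty.call(STATUS, failure.code)) {
    throw new Error(`unknown RFC 6750 error code: ${failure.code}`);
  }
  params.push(`error="${failure.code}"`);
  if (failure.code === 'insufficient_scope' && failure.scope) {
    params.push(`scope="${clean(failure.scope)}"`);
  }
  // The standard code is always sent; the free-text reason only when verbose.
  if (options.verbose && failure.description) {
    params.push(`error_description="${clean(failure.description)}"`);
  }
  return { status: STATUS[failure.code], header: `Bearer ${params.join(', ')}` };
}

// Constructed sample failure, not taken from the project.
const expired = { code: 'invalid_token', description: 'The access token "expired"' };
const verbose = process.env.NODE_ENV !== 'production';
console.log(bearerChallenge(expired, { verbose }));
```
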
