Comments (10)
@xfynx honestly I don't think localization is needed here. Error messages returned by the gem are not meant to be shown to the user, they are useful for logging and debugging but the client should show "Authentication failed" instead of "Invalid JWT token : Signature Verification Error", wdyt?
from rack-jwt.
I know, it is obvious, but I think that a good way to handle it is to add localization files, just like in other gems like Devise.
It is easy to develop: it needs one default English-locale file somewhere inside the gem (no need to make a generator for that). It also needs a configurable path to the user locale file for overlapping, and a default value for it, or several, if it needs to be done for distinct frameworks.
from rack-jwt.
@Morred what's the point of having custom error messages? Do you need a different format than {error: message} to accommodate error messages to your client without changes maybe?
from rack-jwt.
@eparreno yeah, you are right, there is no need for more dependencies for gems like this, and "Authentication failed" is a great variant. In general I think that the current variant is okay: no exceptions that will return something other than 401 with a description. From another point of view, if it will be used as it is, it needs more common messages for the user, not scary ones like "Invalid JWT ID" or "Incorrect Key Algorithm".
from rack-jwt.
I'd like to be able to do more than customize the error message string. I'd like to return a JSON error message with the same structure as all my other API errors. I haven't yet settled on exactly what that structure will be (I'm studying this SO answer). I was hoping I could pass a block as one of the options to customize the error generation.
@eparreno do you mind sharing your monkey patch?
from rack-jwt.
@eparreno Yeah I had to work against a spec that expected a very specific error response format.
@mpoisot I patched it like this:
```ruby
require 'jwt'

module Rack
  module JWT
    class Auth
      def return_error(message)
        body =
          {
            errors: {
              code: '401',
              title: 'Authentication failure',
              details: message
            }
          }.to_json
        headers = { 'Content-Type' => 'application/json', 'Content-Length' => body.bytesize.to_s }
        [401, headers, [body]]
      end
    end
  end
end
```
Now that just hardcodes the exact error message that I needed, but it shouldn't be too hard to change it so it accepts a custom error message template. I can give it a go if that's something you guys would be interested in adding to the gem.
from rack-jwt.
I ended up here also looking for a way to customise the HTTP 401 JSON. How about an option, say, called `customize_unauthorized_response`, which is a proc that accepts the original message?
The default proc would emulate the current behavior:
```ruby
CUSTOMIZE_UNAUTHORIZED_RESPONSE = Proc.new { |message| { error: message } }
```
Then, `return_error` would just call either a provided proc, or the default if none is provided, to format the body:
```ruby
def initialize(app, opts = {})
  @app = app
  @customize_unauthorized_response = opts.fetch(:customize_unauthorized_response, CUSTOMIZE_UNAUTHORIZED_RESPONSE)
  # ....
end

def return_error(message)
  body = @customize_unauthorized_response.call(message).to_json
  # ...
end
```
Is that too much indirection? Thoughts? I could try a PR if there is interest in this feature.
All this being said, I'm just looking to dupe the HTTP status code in the body because I'm dealing with a client that has no access to the HTTP status (!).
from rack-jwt.
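An added example, not code from rack-jwt or from any commenter in this thread: a self-contained Rack-style middleware showing the proc option discussed above, with a default that keeps the detailed verification message in the server log and sends the client only a generic body. `TokenGate`, `FAKE_VERIFY`, `run_gate` and the `:verify` and `:log` options are hypothetical names, and the verifier is a constructed stand-in for real JWT validation.

```ruby
require 'json'

# Hypothetical stand-in for a token-checking Rack middleware (not rack-jwt itself).
class TokenGate
  # Default formatter: generic text only, no verification detail for the client.
  GENERIC = ->(_detail) { { error: 'Authentication failed' } }

  def initialize(app, opts = {})
    @app    = app
    @verify = opts.fetch(:verify) # callable: nil when valid, else a detail string
    @format = opts.fetch(:customize_unauthorized_response, GENERIC)
    @log    = opts.fetch(:log, ->(line) { warn(line) })
  end

  def call(env)
    detail = @verify.call(env['HTTP_AUTHORIZATION'])
    detail.nil? ? @app.call(env) : return_error(detail)
  end

  private

  def return_error(detail)
    @log.call("auth failure: #{detail}") # full reason stays server-side
    body = begin
      @format.call(detail).to_json
    rescue StandardError => e
      # A broken formatter must not turn a 401 into a 500.
      @log.call("formatter raised #{e.class}, using generic body")
      GENERIC.call(detail).to_json
    end
    headers = { 'Content-Type' => 'application/json', 'Content-Length' => body.bytesize.to_s }
    [401, headers, [body]]
  end
end

# Constructed verifier standing in for real JWT validation.
FAKE_VERIFY = lambda do |header|
  next 'Missing Authorization header' if header.nil?
  header == 'Bearer good' ? nil : 'Invalid JWT token : Signature Verification Error'
end

# Runs one request through a gate; returns [status, parsed_body_or_text, log_lines].
def run_gate(env, extra = {})
  log   = []
  inner = ->(_env) { [200, { 'Content-Type' => 'text/plain' }, ['ok']] }
  gate  = TokenGate.new(inner, { verify: FAKE_VERIFY, log: log.method(:push) }.merge(extra))
  status, _headers, body = gate.call(env)
  [status, status == 401 ? JSON.parse(body.first) : body.first, log]
end
```

A formatter that wants the HTTP status duplicated in the body, as in the last request above, can return it as a field while still ignoring the detail argument.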
Whoops, I just noticed @mpoisot suggested passing in a block as well. Apologies for the dupe.
from rack-jwt.
Sorry for the delay guys, gonna check that one today since a few people are interested
from rack-jwt.
@eparreno any updates? At least 1 day passed :P
from rack-jwt.