Docs incorrectly state setting sendAccessToken enables library handling of 401/403 HTTP status codes #1178

Open
danielsharvey opened this issue Jan 14, 2022 · 4 comments · May be fixed by #1232
Labels
docs Issues that involve improving or adding documentation.

Comments

@danielsharvey

Describe the issue
The documentation indicates that the use of the sendAccessToken setting enables an interceptor including: "error handling for security related errors (HTTP status codes 401 and 403) received from the resource server".

See:

I can't see this in behaviour or in the code, i.e. the default, unless a custom handler is provided, is OAuthNoopResourceServerErrorHandler; see here.

Stackblitz example
N/A

To Reproduce
N/A

Expected behavior
The documentation indicates that setting sendAccessToken to true enables handling of 401 and 403 HTTP status codes.

Desktop (please complete the following information):
N/A

Additional context
N/A

@danielsharvey
Author

I'm happy to submit a PR but wanted to understand what was intended and/or if I'd missed something.

@jeroenheijmans
Collaborator

I think the documentation is incorrect, and should not say:

Since 3.1 the library uses a default HttpInterceptor that takes care about transmitting the access_token to the resource server and about error handling for security related errors (HTTP status codes 401 and 403) received from the resource server.

But instead say

Since 3.1 the library uses HttpInterceptors. A default HttpInterceptor takes care about transmitting the access_token to the resource server (if configured). Applications can also use their own custom interceptors for handling of security related errors (HTTP status codes 401 and 403) received from the resource server.

In #429 someone noticed similarly that the docs were not entirely correct, and #414 also has some more info on how (I personally think that) it's an application concern and needs custom application logic to determine what happens on 401/403 errors.

Hope you don't mind if I edit your question title to indicate the docs need improvement? If not let me know and we'll revert and I'll open a separate issue for it.

@jeroenheijmans jeroenheijmans changed the title Does sendAccessToken setting enable handling of 401/403 HTTP status codes? Docs incorrectly state setting sendAccessToken enables library handling of 401/403 HTTP status codes Jan 17, 2022
@jeroenheijmans jeroenheijmans added the docs Issues that involve improving or adding documentation. label Jan 17, 2022
@danielsharvey
Author

This sounds good, thank you.

@craigbroadman

If I'm reading this correctly, the docs are still wrong as the PR hasn't been completed and therefore we have to create our own interceptor to handle 401/403 status codes.

If correct, does anyone have a simple example they could share?
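
A sketch of the application-side 401/403 logic discussed in this thread, as an added example that is not code from the library or from any participant here. It is framework-free so it runs stand-alone; in an Angular app the same decision would sit in a custom HttpInterceptor or in a custom handler replacing OAuthNoopResourceServerErrorHandler. Every type, function and URL in it is a hypothetical name or constructed value.

```typescript
// Added example: framework-free sketch of 401/403 handling for a token-sending client.
// All names here are hypothetical; none come from angular-oauth2-oidc.
type AuthAction = "pass" | "refresh-and-retry" | "login" | "forbidden";

interface AuthState {
  resourceServerUrls: string[]; // URL prefixes the access token is attached to
  hasRefreshToken: boolean;
  alreadyRetried: boolean;      // true once this request was retried after a refresh
}

interface AuthDeps {            // side effects supplied by the application
  refreshToken(): Promise<unknown>;
  startLogin(): void;
  showForbidden(url: string): void;
  retry(): Promise<unknown>;
}

// End each prefix with "/" so "https://api.example.test.evil.example" cannot match.
function isResourceServerUrl(url: string, prefixes: string[]): boolean {
  const u = url.toLowerCase();
  return prefixes.some((p) => u.startsWith(p.toLowerCase()));
}

function decideAuthAction(status: number, url: string, s: AuthState): AuthAction {
  // Ignore errors from hosts that never received the token (CDNs, third-party APIs).
  if (!isResourceServerUrl(url, s.resourceServerUrls)) return "pass";
  if (status === 401) {
    // Retry at most once; otherwise a server that always answers 401 causes a loop.
    return s.hasRefreshToken && !s.alreadyRetried ? "refresh-and-retry" : "login";
  }
  // 403: the token was accepted but usually lacks permission, so a new login would not help.
  return status === 403 ? "forbidden" : "pass";
}

async function handleAuthError(
  err: { status: number; url: string }, s: AuthState, deps: AuthDeps
): Promise<unknown> {
  switch (decideAuthAction(err.status, err.url, s)) {
    case "refresh-and-retry":
      try { await deps.refreshToken(); } catch { deps.startLogin(); throw err; }
      return deps.retry();
    case "login": deps.startLogin(); break;
    case "forbidden": deps.showForbidden(err.url); break;
  }
  throw err; // always surface the original error to the caller
}
```

The URL check matters as much as the status codes: reacting to a 401 from a host that never received the token lets an unrelated server trigger a login redirect.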
