OnConnectAuthenticate cannot specify an error code (like Client Identifier not valid)
The conclusion of issue #398 was that the Server shouldn't require usernames to match in a session takeover; instead an OnConnectAuthenticate hook should do this if desired, i.e. rejecting the login if the clientID matches a persistent session but the username does not.
However, the OnConnectAuthenticate hook cannot specify an error code; all it can do is return false, in which case the client is sent a "Not authorized" error. This is misleading: the error code implies the client credentials are incorrect, but instead it's the client ID that's incorrect. This could be really confusing for a developer, especially since it would likely be an intermittent problem.
The proper error code would be "Client Identifier not valid" or "Connection Refused, identifier rejected" -- if the client got that error instead, it would know to generate a different session ID and retry. Or at least the developer would have a better idea what's going on and how to fix it.
It seems the OnConnectAuthenticate hook should be extended so it can return different error codes. But changing the return type would break API compatibility. I don't know what approach would be best. Maybe define a new hook method OnConnectAuthenticate2 with a different signature, and have Server call that one instead if it's provided?
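
The check discussed in this issue, as a standalone added example (not code from the project or from the issue author): a decision function that distinguishes bad credentials from a client ID owned by another user's persistent session and picks the matching CONNACK code. `sessionOwners`, `connectReason` and their parameters are hypothetical names; the code values are those defined by the MQTT 3.1.1 and MQTT 5 specifications.

```go
package main

import "fmt"

// CONNACK codes as defined by the MQTT 3.1.1 and MQTT 5 specifications.
const (
	Accepted             byte = 0x00
	V3IdentifierRejected byte = 0x02 // "Connection Refused, identifier rejected"
	V3NotAuthorized      byte = 0x05 // "Connection Refused, not authorized"
	V5ClientIDNotValid   byte = 0x85 // "Client Identifier not valid"
	V5NotAuthorized      byte = 0x87 // "Not authorized"
)

// sessionOwners is a hypothetical store mapping the client ID of each
// persistent session to the username that created it.
type sessionOwners map[string]string

// connectReason decides which CONNACK code a CONNECT should receive.
// credsOK is the result of the normal username/password check.
func connectReason(owners sessionOwners, protoVersion byte, clientID, username string, credsOK bool) byte {
	v5 := protoVersion >= 5 // protocol level 4 is MQTT 3.1.1, level 5 is MQTT 5
	if !credsOK {
		// Wrong credentials: the only case where "Not authorized" is accurate.
		if v5 {
			return V5NotAuthorized
		}
		return V3NotAuthorized
	}
	if owner, ok := owners[clientID]; ok && owner != username {
		// Valid user, but the client ID belongs to another user's session:
		// refuse the takeover and report the identifier as the problem.
		if v5 {
			return V5ClientIDNotValid
		}
		return V3IdentifierRejected
	}
	return Accepted
}

func main() {
	owners := sessionOwners{"sensor-1": "alice"} // constructed sample data
	fmt.Printf("0x%02x\n", connectReason(owners, 5, "sensor-1", "bob", true))
	fmt.Printf("0x%02x\n", connectReason(owners, 4, "sensor-1", "bob", true))
	fmt.Printf("0x%02x\n", connectReason(owners, 5, "sensor-1", "alice", true))
	fmt.Printf("0x%02x\n", connectReason(owners, 5, "sensor-2", "bob", false))
}
```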