improve "Authorization Violation" error
- [ ] Defect
- [x] Feature Request or Change Proposal
Defects
An authentication error during connect needs to return an error with details suitable for debugging the issue. "Authorization Violation" itself is not enough.
If, for example, the JWT is expired, that should be part of the error. Or if JWT auth is required, was bad, ...
This becomes essential in NGS, where there's no way to access the logs. Any account-based logging/tracing will fail as well, as there's no account associated with the connection prior to a successful login.
I have mixed feelings about this, mostly due to time at G where we were constantly watching attackers and trying not to give them hints as to what to do better etc or where to concentrate their efforts.
Yeah, agree, auth errors shouldn't be too detailed.
Though we should say what access is being denied - can't access topic foo etc. - but not details about what exactly is wrong with the creds.
Then make it a debug message. I am struggling right now with the error as someone trying to begin with NATS. I have no clue where to look for what goes wrong here and it will take me tons of time to get it working... Clearly, documentation around this is also not sufficient, discussing at length various topics in theoretical depth but just no clear path on how to get this working with many working examples...
Hello here - still getting these errors with the new version of NATS. Can we see progress with it in 2023?
We will make progress here for 2.10. Had a lot of other priorities taking precedence.
@derekcollison so from our perspective, for the moment, for a start - it is still impossible to understand and resolve issues with jet streaming, which has default authorization=ON
--> we will never know who and what causes the issues to happen
Look for expired credentials, expired client TLS certs, or a too-short auth timeout configuration for the server.
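
The first item in that checklist, expired credentials, can be checked on the client side without access to server logs. The following is an added example, not code from this thread or from the NATS project: it assumes the usual `.creds` layout with a `NATS USER JWT` block and `exp`/`nbf` claims in seconds since the epoch, it does not verify the signature, and the function names and sample credentials are constructed for illustration.

```python
import base64
import json
import re
import time

# Layout of the JWT block in a NATS .creds file (assumed standard layout).
JWT_BLOCK = re.compile(r"-+BEGIN NATS USER JWT-+\s*(\S+)\s*-+END NATS USER JWT-+")

def _b64url(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_sample_creds(claims):
    """Constructed, unsigned sample creds text for the demo (not a real credential)."""
    header = {"typ": "JWT", "alg": "ed25519-nkey"}
    token = ".".join(_b64url(json.dumps(p).encode()) for p in (header, claims))
    token += "." + _b64url(b"constructed-signature")
    return f"-----BEGIN NATS USER JWT-----\n{token}\n------END NATS USER JWT------\n"

def read_claims(creds_text):
    """Decode the claims segment. The signature is NOT verified here."""
    match = JWT_BLOCK.search(creds_text)
    if not match:
        raise ValueError("no NATS USER JWT block found")
    parts = match.group(1).split(".")
    if len(parts) != 3:
        raise ValueError("JWT does not have three segments")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    claims = json.loads(base64.urlsafe_b64decode(padded))
    if not isinstance(claims, dict):
        raise ValueError("claims segment is not a JSON object")
    return claims

def check_validity_window(creds_text, now=None):
    """Return (status, detail) for the exp/nbf claims, in seconds since epoch."""
    now = time.time() if now is None else now
    try:
        claims = read_claims(creds_text)
    except ValueError as err:  # also covers bad base64 and bad JSON
        return "malformed", str(err)
    exp, nbf = claims.get("exp", 0), claims.get("nbf", 0)
    if exp and exp <= now:
        return "expired", f"expired {int(now - exp)}s ago"
    if nbf and nbf > now:
        return "not-yet-valid", f"valid in {int(nbf - now)}s"
    if not exp:
        return "no-expiry", "no exp claim set"
    return "valid", f"expires in {int(exp - now)}s"

if __name__ == "__main__":
    NOW = 1_700_000_000  # constructed reference time
    print(check_validity_window(make_sample_creds({"sub": "UDEMO", "exp": NOW - 60}), NOW))
```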