
Opaque errors when token verification fails

Open rawnsley opened this issue 3 years ago • 4 comments

Problem Statement

Caveat: I am new to both Guardian and Elixir

While trying to get the decode_and_verify function working, I was thwarted by obscure error messages. In the end my problem was fixed by being explicit about the allowed algorithms, but the error returned by this function was always CaseClauseError{term: {:error, :badarg}}}

I think this is because the root error is returned by decode_token, then returning_tuple maps it to { :error, _ } (already stripping out any useful info), and then the calling function has no matching case clause anyway so it throws a generic CaseClauseError.

This exception is caught in decode_and_verify and an error message is returned, but there is no chance of debugging where the failure originally occurred.

I'm not sure what the right behaviour should be in this case or what is canonical Elixir, but as it stands I ended up having to reproduce the call chain line-by-line in my client code until I found the problem, which isn't ideal.

Solution Brainstorm

No response

rawnsley avatar Oct 14 '22 13:10 rawnsley

Hello, @rawnsley! Perhaps a log message, with the original errors, would be helpful. At least it would make it easier to debug the problem.

f-francine avatar Nov 16 '22 03:11 f-francine
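
The failure chain described in the issue, next to the logging suggested in the reply above, as an added Elixir illustration that is not part of the thread and is not Guardian's code. The module `TokenDemo`, its functions and the sample token strings are hypothetical stand-ins constructed for this example.

```elixir
# Added illustration; nothing here is taken from the Guardian code base.
defmodule TokenDemo do
  require Logger

  # Hypothetical low-level decoder: fails with a bare reason atom.
  def decode_token("malformed"), do: {:error, :badarg}
  def decode_token(token), do: {:ok, %{"sub" => token}}

  # Opaque variant: the case only handles {:ok, _}. An error tuple raises
  # CaseClauseError, and the rescue hands that exception back to the caller,
  # who sees the unmatched term but not which step produced it.
  def verify_opaque(token) do
    case decode_token(token) do
      {:ok, claims} -> {:ok, claims}
    end
  rescue
    e -> {:error, e}
  end

  # Transparent variant: the error tuple is matched explicitly, the original
  # reason is logged together with the failing step, and the reason is
  # returned unchanged so callers can pattern-match on it.
  def verify_transparent(token) do
    case decode_token(token) do
      {:ok, claims} ->
        {:ok, claims}

      {:error, reason} ->
        Logger.warning("decode_token failed: #{inspect(reason)}")
        {:error, reason}
    end
  end
end

# Constructed sample input: one token the stand-in decoder rejects.
IO.inspect(TokenDemo.verify_opaque("malformed"), label: "opaque")
IO.inspect(TokenDemo.verify_transparent("malformed"), label: "transparent")
```

Saved as a `.exs` file and run with `elixir`, the first call returns the exception struct wrapped in an error tuple, while the second returns the decoder's own reason and leaves a log line naming the step that failed.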

@f-francine A log message would be great - thank you.

rawnsley avatar Nov 16 '22 08:11 rawnsley

@f-francine thank you so much for the help.


@rawnsley do you mind filling up the "Solution Brainstorm"? I am not sure what you are asking us to do or what you would propose.

Or even much better, since you already know how to replicate the issue and whatnot, create a PR with the proposed solution. I am here to help you with it as much as I can.

yordis avatar Nov 24 '22 18:11 yordis

This issue has been automatically marked as "stale:discard". If this issue is still relevant, please leave any comment (for example, "bump"), and we'll keep it open. We are sorry that we haven't been able to prioritize it yet. If you have any new additional information, please include it with your comment.

github-actions[bot] avatar Jun 21 '24 01:06 github-actions[bot]

Closing this issue after a prolonged period of inactivity. If this issue is still relevant, feel free to re-open the issue. Thank you!

github-actions[bot] avatar Jul 07 '24 01:07 github-actions[bot]