For compliance reasons, we need to change the error returned from a failed token validation from invalid_grant to invalid_request.
The logic that drives this is in TokenRequestValidator.cs specifically the method ValidateResourceOwnerCredentialRequestAsync. If you peruse the code you will see that everything it returns is OidcConstants.TokenErrors.InvalidGrant.
My first thought for this was to override the event sink to look for a TokenIssuedFailureEvent with an Error equal to invalid_grant. You can see that the event is dispatched when there is an error in TokenEndpoint.cs but when the event is raised, the error is wrapped in the TokenIssuedFailureEvent and the error is copied by value which means that this approach won't work.
Is there a way that I can alter this behaviour without having to make a code change to IdentityServer4 itself?
Thanks in advance!
Related
This is about NodeJS and Express. I want to add an error handler that simply logs the error in my preferred way. This way also takes care of console output. I don't want, at this point in time anyway, to replace the functionality of the Express default error handler. I want the default error handler to continue doing its thing for the time being, with one exception: Since my logging already took place, and also covers console output, I want the default error handler to pretty much stop adding to the console.
My question is: How do I accomplish this? I did some searching and found nothing, so unsure if I may be using the wrong keywords.
Short Version
Please read at the very bottom for a short version of the question.
Situation
In a question I asked last week, I struggled in finding a solution, which makes our asp.net error visualization waterproof, since there are some edge cases where the asp.net exception handling fails and hence no proper exception visualizations can be created:
How to properly set up ASP.NET web.config to show application specific, safe and user friendly asp.net error messages in edge cases
Desired Solution
As an alternative to the way I described there, in my opinion the best way to make the exception visualization reliable, would be to use the httpErrors-element in system.webServer as a failsave so that any error which is not properly handled by asp.net, leads to a generic error page which is shown based on the settings of the httpErrors-element .
To accomplish this, there must be two things possible:
Error pages properly handled by the application must pass through iis without being replaced with a generic error message
Errors which could not be processed properly in asp.net, must be replaced through IIS.
It is my understanding, that this very behaviour is meant by the existingResponse="Auto" parameter in the httpErrors-element.
The ms documentation states:
Leaves the response untouched only if the SetStatus flag is set.
This is exactly what is necessary: Any successful error page creation in the application (through Application_Error or through an explicitly defined error handling page) can set
Response.TrySkipIisCustomErrors = true and IIS would let the error page pass through. However, every other error which was not successfully handled by the application in asp.net, would not set the flag and hence get the error page which is specified in the httpErrors-element.
The Problem
Sadly, it seems that in MVC5-applications (I don’t known whether the same behavior is true in other environments), the Response.TrySkipIisCustomErrors (fTrySkipCustomErrors) seems to be set automatically to [true], even if it is not set by the application.
Hence we are at the same place, as in my other post: If the error handling of the application blows, there is no way to show an application specific error with existingResponse="Auto", since its not possible to reset the fTrySkipCustomErrors flag.
As an alternative, one can set existingResponse="PassThrough". That's what we do currently, since we want to generate our error pages with a support-code and other helpfull information about the error to be shown to the user, or one can use existingResponse="Replace", but this is not an option, since it replaces any error page so that we don’t can show the user any error-specific information such as the support-code mentionen before.
Quesition in Short
The question is therefore, how to make sure that MVC5 (asp.net) does not set the fTrySkipCustomErrors flag automatically to [true], since there are situations, where no application code is executed and hence the Response.TrySkipIisCustomErrors (fTrySkipCustomErrors) cannot be set to false, what renders the existingResponse="Auto" parameter moot.
To check such a situation where the asp.net MVC5 exception handling blows but the fTrySkipCustomErrors flag is set to true, please request the following page from your MVC5 application:
http[s]://[yourWebsite]/com1
Please note: I'm not interested in disabling the above error. It's an example. I want the error visualization reliable and not to have to circumvent every error that possibly can blow asp.net's error handling mechanisms.
I am new to mulesoft and while studing it i strugle to understand why on module "onErrorPropagate" the error is being rethrown after executing the scope.
can you explain the benefits?
An on-error-propagate will rollback any transactions, execute, and use that result to rethrow the existing error––meaning its owner will be considered as “failing.”
The best use is in a layered system, to allow each layer to do its own small part of an error response.
If you are familiar with Java you can think of it as catching the exception and re-throwing it. For example, sometimes you want to do something with the error yourself, but still want to propagate it upwards for higher levels to deal with.
You could add logging in a specific flow for the error but then leave it to the parent flows to actually deal with the exception.
The "onErrorPropagate" propagates (rethrows) the error to the parent flow (or the global error handler if it's already reached the main flow).
This can be usefull in a few cases.
Say you have some flow specific error handling (e.g. if something goes wrong, set a default payload).
Then you propagate this error to the next level where you have your Global error handler that, say, stores some info in a QA database.
You don't want to have that database connector in every single error handler.
In this way you can achieve a 'java inherritance' like structure, for your errors.
Side note: if you want your error to only be handled and do nothing further, you can use "onErrorContinue"
I've watched quite a few videos on YouTube and have a basic understanding of how to find user-exits (enhancements?) and implement them. However when I try to replicate what I've seen it doesn't appear to be working.
I'm looking to create a user-exit that would execute when a production order has been confirmed (closed/finished) via CO11N. Someone suggested that I put in a line of code "BREAK username." So that I could verify that my code was firing. Nothing breaks. I've tried putting in a message from code found on the internet
MESSAGE s208(00) WITH 'TEST'.
No message is shown. I've activated the include and the project. I've tried different exits/includes and no matter what I do, nothing seems to break or show a message.
Is there something simple I'm missing? I've tried CONFPI05 and CONFPM05.
CONFPI05 is for process orders. CONFPM05 is for plant maintenance orders. First you need to check which kind of order you use. I assume you use production orders. You should check User-Exit CONFPP05 than.
Anyway, I would recommend using BAdI WORKORDER_CONFIRM. Within this BAdI there are methods available where you can raise an error message.
From the BAdI documentation:
Note that in the methods, no system messages may be sent. The only
exceptions are the AT_SAVE and AT_CANCEL_CHECK methods. Within these
methods, a system message may be issued, but only if you trigger the
exception ERROR_WITH_MESSAGE (for AT_SAVE method) or NOT_ALLOWED (for
AT_CANCEL_CHECK method) at the same time.
Note also that within the methods, the "commit work" instruction may
not be carried out because this would lead to incorrect data in the
database.
I strongly recommend not to use MESSAGE statement in any User-Exit or BAdI implementation. The MESSAGE statement will implicit call a COMMIT WORK which could cause database inconsistencies (happens very often by the way).
One additional note. You should check using Checkpoint Groups instead of using BREAK-POINT or BREAK username directly.
I checked the documentation:
CONFPI05 to update your own data after saving the confirmation
In another documentation I found another warning:
In this customer enhancement it is strictly forbidden to send error messages or other messages because otherwise there is the danger that data will be inconsistent. SAP cannot be held responsible for this!!
This sounds like changes in update task. By default breakpoints in update task are not enabled.
Should your code be processed after you pushed save?
If yes, what you can try:
Set anywhere a breakpoint. Or try /h during data insertion.
In debug screen activate the update debugging:
Continue the process with F8.
Hopefully you stop at your break-point.
Let's say that a request is sent to server via xhrPost and server finds that request needs more information to be processed (for example a variable is missing), so, a response is sent back to client informing that request may have not been completely processed and this message is shown in a dialog box.
I was doing it sending from server an HTTP 202 status code, which I believe is not correct, and treating it on load function, where this message was displayed on a dialog box. But if I respond with some HTTP error code (ex: 400) the error is displayed in console (Note: in this case the message is treated in error function), as well as in my dialog box.
What is the best and correct way to do it?
Note that it is called a load handler, not a success handler.
The load hander is for valid, well formatted responses. These can contain a verity of status codes generated by your server side app that indicates success, failure, or something in between.
The error is just that, the server blew up while trying to process the request and whatever you get back is probably not something your widget was written to expect. For this reason, I recommend using the same error handler across your whole app.
The dojo documentation states:
Sometimes xhrGet calls will fail. Often these are 404 errors or server errors such as 500. The error parameter is another callback function that is only invoked when an error occurs. This allows you to control what happens when an error occurs without having to put a lot of logic into your load function to check for error conditions. The first parameter passed to the error function is a JavaScript Error object indicating what the failure was. Dojo doc