Unauthorized handling

Question

Unauthorized handling

Vivalldi opened this issue 8 years ago · comments

Presume I have the following code,

object MyController extends Controller {

  import scalaoauth2.provider.OAuth2ProviderActionBuilders._

  def list = AuthorizedAction(new MyDataHandler()) { request =>
    val user = request.authInfo.user // User is defined on your system
    // access resource for the user
  }
}

how would I go about sending a unauthorized JSON response if the Action is unauthorized?

Tsuyoshi Yoshizawa · Answer 1 · Mon May 30 2016 10:31:13 GMT+0800 (China Standard Time)

Action send only header without sending a body response by default.

https://github.com/nulab/scala-oauth2-provider/blob/0.17.2/play2-oauth2-provider/src/main/scala/scalaoauth2/provider/OAuth2Provider.scala#L158

Tyler Cosgrove · Answer 2 · Wed Jun 01 2016 03:15:22 GMT+0800 (China Standard Time)

So is there anyway to override that? Because many REST API's could benefit from this OAuth library but REST API's, by standard, return JSON errors, in addition to the Status code.

Ryan Means · Answer 3 · Wed Jun 01 2016 04:43:56 GMT+0800 (China Standard Time)

For what it's worth, I don't use the play side of this library. I use just the OAuth library side and I provided my own play wrapper - by doing such, you can customize just about whatever response you want.

Tsuyoshi Yoshizawa · Answer 4 · Wed Jun 01 2016 10:32:36 GMT+0800 (China Standard Time)

So is there anyway to override that?

No, there isn't in AuthorizedAction. The action is just wrapper as rmmeans said.

You could directly use OAuth2Provider instead AuthorizedAction and just override authorize method.

OAuth2ProviderActionBuilders.AuthorizedAction uses OAuth2Provider trait in AuthorizedActionFunction class.

If you want to use ActionBuilder style, I recommend you create customized ActionBuilder by yourself.
PR is welcome if you created good customizable AuthorizedAction.