[Platform/Middleware/Security]: How to return error msg from failed sec def?
Hello everyone,
I'm writing a security middleware that supports multiple security definitions because my endpoint can be authenticated in multiple ways:
Now it appears whenever the first sec def fails, Effect will toss the error and move on to the next sec def, and so only the error from the final security definition ever gets returned back to user. I can understand why that's the default behavior - any failed sec def evaluation shouldn't halt the evaluation of subsequent sec defs. In my case, however, I want to return error 1 to user if they actually provided an invalid API key (instead of telling them they have an invalid session when an API key is provided).
How should I think about structuring my code to achieve this? I appreciate any insight and suggestions. Many thanks in advance
I'm writing a security middleware that supports multiple security definitions because my endpoint can be authenticated in multiple ways:
Now it appears whenever the first sec def fails, Effect will toss the error and move on to the next sec def, and so only the error from the final security definition ever gets returned back to user. I can understand why that's the default behavior - any failed sec def evaluation shouldn't halt the evaluation of subsequent sec defs. In my case, however, I want to return error 1 to user if they actually provided an invalid API key (instead of telling them they have an invalid session when an API key is provided).
How should I think about structuring my code to achieve this? I appreciate any insight and suggestions. Many thanks in advance
Similar Threads
Was this page helpful?
