Serializing of exceptions for specific endpoints

jezzsantos · December 22, 2016, 2:57am

I am looking for the best way (i.e. most maintainable way) to customize the exact exception data on the wire for a small number of my existing service operations.
I really only want to customize for one or two of my services, and even then one or two of my operations of those services. So I am looking to see If I can do this in a ResponseFilterAttribute ideally, that I can slap onto specific operations.

What I need to do is comply with (RFC6749 OAuth 2.0), and return errors as a serialized JSON structure.

Currently, my service is existing and is setup as a standard service with a DTO that has a ResponseStatus property (as recommended).

public class MyRequestDtoResponse
{
    public ResponseStatus ReponseStatus { get; set; }
}

Presently, errors are coming back on the wire like so:

{
	"ResponseStatus": {
		"ErrorCode": "RuleViolationException",
		"Message": "{\"error\":\"invalid_grant\",\"error_description\":\"Client authentication failed. (rfc6749)\"}",
		"Errors": []
	}
}

What I think RFC6749 needs me to return is:

{
	"error": "invalid_grant",
	"error_description": "Client authentication failed. (rfc6749)"
}

which, you can see, is already present in the ResponseStatus.Message already, just how I want it.

Can I create a ResponseFilter that will give me what I need?
How would that work?

(p.s. already utilize Config.MapExceptionToStatusCode to map my specific exceptions to specific status codes across my services, and custom code in OnExceptionTypeFilter . I don’t want to interfere with any of that for these specific operations.)

mythz · December 22, 2016, 10:49am

To control the error response you’ll need to write it directly to the Response yourself which you can do with a Response Filter, IMO the easiest solution is to use a Custom Exception and a Global Response Filter, that way you don’t need to remember to annotate specific services, e.g:

GlobalResponseFilters.Add((req, res, response) =>
{
    var ex = response as OAuth2Exception;
    if (ex == null) return;
    
    res.StatusCode = (int)HttpStatusCode.Unauthorized;
    res.ContentType = MimeTypes.Json;
    res.Write($$"{\"error\":\"{ex.Message}\",\"error_description\":\"{ex.Description}\"}");
    res.EndRequest(skipHeaders: true);
});

Anyway that’s the general idea.

jezzsantos · December 22, 2016, 11:22pm

Thanks, the filter works as expected, but it seems becuase I already have a: appHost.ServiceExceptionHandlers registered it that handler is handling my exception first and messing up the filter (since the exception is not one of the registered exceptions in MapExceptionToStatusCode).

Now, if I register another appHost.ServiceExceptionHandler.Add(mydelegate) that handles my special kind of exception first, then I can return whatever response I like in that delegate, and that seems to work.

Then only thing that does not work now, is that the response content comes back as I like, but the StatusCode is 200, not a 400. How do I set the status code of the response?

jezzsantos · December 22, 2016, 11:28pm

Ah, got it! stupid me.

            ServiceExceptionHandlers.Add((req, request, exception) =>
            {
                if (exception is MyCustomException)
                {
                    req.Response.StatusCode = 400;
                    return "{\"error\":\"invalid_grant\",\"error_description\":\"Client authentication failed. (rfc6749)\"}";
                }

                return null;
            });

thanks Mythz.

jezzsantos · December 23, 2016, 6:36am

OK, now what if I wanted my validation errors (from my AbstractValidators<TDto> to come back in this form:

{
	"error": "invalid_request",
	"error_description": "The 'Password' for the request is not a valid password"
}

instead of in the standard form:

{
	"ResponseStatus": {
		"ErrorCode": "NotEmpty",
		"Message": "The 'Password' for the request is not a valid password",
		"Errors": [{
				"ErrorCode": "NotEmpty",
				"FieldName": "Password",
				"Message": "The 'Password' for the request is not a valid password",
				"Meta": {
					"PropertyName": "Password"
				}
			}
		],
	}
}

How would I control that just for specific operations?

mythz · December 23, 2016, 11:06am

If you want to change how validation errors are serialized you’ll need to rewrite the Validation Feature plugin which are mostly contained in these 2 classes:

So instead of registering the built-in ValidationFeature, you’ll need to register your own customized version.

jezzsantos · December 23, 2016, 11:23pm

Oh, that does not sound like something I for one fancy doing!

I haven’t tried it yet, but I was hoping you would say that I could just handle a ValidationException in a ServiceExceptionHandlers just like I do for my custom exception?

(Oh well, I might have to just be a little non-compliant with errors and RFC6749, which is fine for us at this stage.)

Cheers

Merry Christmas