Handling different Joken error messages with json()

Hi all,

A beginner here. I have the following plug code from an example Auth0 repo:

 def call(conn, _default) do
    with {:ok, token} when is_binary(token) <- get_token(conn),
         {:ok, claims} <- Token.verify_and_validate(token) do
      conn
      |> assign(:claims, claims)
    else
      {:error, error} -> handle_error_response(conn, error)
    end
  end

  defp get_token(conn) do
    case get_req_header(conn, "authorization") do
      ["Bearer " <> token] -> {:ok, token}
      ["bearer " <> token] -> {:ok, token}
      [] -> {:error, :missing_token}
      ["Bearer"] -> {:error, :invalid_token}
      _ -> {:error, :invalid_token}
    end
  end

  defp handle_error_response(conn, error) do
    IO.inspect(error, label: "error")

    conn
    |> put_status(401)
    |> json(%{error: error})
    |> halt()
  end
end

Now all works as expected until I use an expired JWT, which gives a more complex error message:

error: [message: "Invalid token", claim: "exp", claim_val: 1675775785]
[info] Sent 500 in 59ms
[error] #PID<0.13753.0> running Phoenix.Endpoint.SyncCodeReloadPlug (connection #PID<0.13752.0>, stream id 1) terminated
Server: localhost:4000 (http)
Request: GET /api/phone-numbers/44790323266
** (exit) an exception was raised:
    ** (Protocol.UndefinedError) protocol Jason.Encoder not implemented for {:message, "Invalid token"} of type Tuple, Jason.Encoder protocol must always be explicitly implemented. This protocol is implemented for the following type(s): Any, Atom, BitString, Date, DateTime, Decimal, Ecto.Association.NotLoaded, Ecto.Schema.Metadata, Float, Integer, Jason.Fragment, Jason.OrderedObject, List, Map, MixAudit.Advisory, MixAudit.Dependency, MixAudit.Report, MixAudit.Vulnerability, NaiveDateTime, Sentrypeer.SentrypeerEvents.SentrypeerEvent, Time
        (jason 1.4.0) lib/jason.ex:213: Jason.encode_to_iodata!/2
        (phoenix 1.7.0-rc.2) lib/phoenix/controller.ex:346: Phoenix.Controller.json/2

using a malformed JWT just creates a single atom error like :signature_error.

What docs do you recommend I read to understand how to pick apart/pattern match/case the error getting passed into handle_error_response so json() can handle it?

I tried:

    if Map.has_key(error, :message) do
      conn
      |> put_status(401)
      |> json(%{error: error["message"]})
      |> halt()
    else
      conn
      |> put_status(401)
      |> json(%{error: error})
      |> halt()
    end

but that’s not right and even if I got the if right, it smells funny.

Thanks for any pointers you can give me.

Gavin.

This kind of works until a simple message is first:

defp handle_error_response(conn, error) do
    IO.inspect(error, label: "error")

    if List.keymember?(error, :message, 0) do
      Logger.info("Complex: " <> error[:message])
      conn
      |> put_status(401)
      |> json(%{error: error[:message]})
      |> halt()
    else
      Logger.error("Normal: " <> error)
      conn
      |> put_status(401)
      |> json(%{error: error})
      |> halt()
    end
  end

then I get:

** (exit) an exception was raised:
    ** (ArgumentError) errors were found at the given arguments:

  * 3rd argument: not a list

        (stdlib 4.2) :lists.keymember(:message, 1, :signature_error)
        (elixir 1.14.3) lib/list.ex:412: List.keymember?/3
        (sentrypeer 0.1.0) lib/sentrypeer/auth/authorize.ex:56: Sentrypeer.Auth.Authorize.handle_error_response/2

Got it, but ugly:


  defp handle_error_response(conn, error) do
    if is_atom(error) do
      conn
      |> put_status(401)
      |> json(%{error: error})
      |> halt()
    else
      conn
      |> put_status(401)
      |> json(%{error: error[:message], reason: error[:claim]})
      |> halt()
    end
  end

Can you still suggest a better way or pointers for docs for me to read about the right type of pattern to use?

What’s consuming the result of handle_error_response?

If you only need error for debugging purposes, this would avoid JSON-encoding headaches:

  defp handle_error_response(conn, error) do
    conn
    |> put_status(401)
    |> json(%{error: inspect(error)})
    |> halt()
  end

Then error in the JSON result will reliably be a string, regardless of what sort of error_reason Joken gives.

1 Like

Just API clients trying to auth using a JWT received from a m2m client creds OAuth 2.0 Auth0 session like so:


  scope "/api", SentrypeerWeb do
    pipe_through [:api, :api_authorization]

    resources "/events", SentrypeerEventController, only: [:create]
    get "/phone-numbers/:phone_number", SentrypeerEventController, :check_phone_number
    get "/ip-addresses/:ip_address", SentrypeerEventController, :check_ip_address
  end

so your way looks easier. Thanks!

Actually, inspect is a bit messy with the atoms showing etc.