I'm trying to understand how to handle errors. Would be happy to add a readme section about this if you can help me understand best practices.
Best practices says:

> Handle Errors Gracefully: Catch and handle errors properly, providing clear error messages.
The gem internally uses http status codes + json rpc error codes:

```ruby
def unauthorized_response(request)
  @logger.error('Unauthorized request: Invalid or missing authentication token')
  body = JSON.generate(
    {
      jsonrpc: '2.0',
      error: {
        code: -32_000,
        message: 'Unauthorized: Invalid or missing authentication token'
      },
      id: extract_request_id(request)
    }
  )

  [401, { 'Content-Type' => 'application/json' }, [body]]
end
```
I think the http status could also be 200, but we can follow the gem's convention to also return http error codes. So for my own app authentication, I can do something similar in a middleware.
What about authorization? This would happen in the tool/resource layer e.g. with pundit. Few issues/questions here:
1. I no longer have access to control the http response here. So this would be a 200 with error object in the body. I guess that's also fine, just a matter of convention?
2. In tools I can return an error object, however if I return an error object from a resource, this gets rendered as:

```json
{
  "contents": [
    {
      "uri": "supplier://current",
      "mimeType": "application/json",
      "text": "{\"error\":true,\"code\":\"authorizartion_failed\",\"message\":\"Don't have acces to requested resource\"}"
    }
  ]
}
```
I don't think this is correct. Shouldn't the error object be on the top-level? Which would be the case for tools but not sure how to achieve that for resources.
The gem swallows errors. If there were an option to turn that off, I could catch errors like Pundit::NotAuthorizedError in the middleware and handle it.
Snippet referenced above: `fast-mcp/lib/mcp/transports/authenticated_rack_transport.rb`, lines 42 to 56 in 7ec08b9
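An added example, not part of the original post and not code from the fast-mcp gem: a plain Rack-style middleware that follows the quoted `unauthorized_response` convention (HTTP status plus a top-level JSON-RPC error carrying the request `id`). Assumptions: `NotAuthorizedError` is a stand-in for `Pundit::NotAuthorizedError`, the 403 status and the reuse of code -32000 for authorization failures are illustrative choices, and the `rescue` branch only fires if the exception actually propagates out of the tool/resource layer.

```ruby
require 'json'
require 'digest'

# Hypothetical error class standing in for Pundit::NotAuthorizedError.
class NotAuthorizedError < StandardError; end

# Rack-style middleware (plain Ruby, no rack gem needed) mirroring the quoted
# convention: an HTTP status code plus a top-level JSON-RPC 2.0 error object.
class JsonRpcAuthMiddleware
  def initialize(app, token:)
    @app = app
    @token_digest = Digest::SHA256.digest(token)
  end

  def call(env)
    id = request_id(env)
    return error(401, -32_000, 'Unauthorized: Invalid or missing authentication token', id) unless valid_token?(env)

    @app.call(env)
  rescue NotAuthorizedError
    # Assumed mapping (403 / -32000); reached only if the exception propagates.
    error(403, -32_000, 'Forbidden: not authorized for this resource', id)
  end

  private

  def valid_token?(env)
    presented = env['HTTP_AUTHORIZATION'].to_s.delete_prefix('Bearer ')
    # Compare fixed-length digests without stopping at the first mismatching byte.
    diff = 0
    Digest::SHA256.digest(presented).bytes.zip(@token_digest.bytes) { |a, b| diff |= a ^ b }
    diff.zero?
  end

  # Read the JSON-RPC id so the client can correlate the error; nil if unreadable.
  def request_id(env)
    body = env['rack.input'].read
    env['rack.input'].rewind
    JSON.parse(body)['id']
  rescue JSON::ParserError, NoMethodError, TypeError
    nil
  end

  def error(status, code, message, id)
    body = JSON.generate(jsonrpc: '2.0', error: { code: code, message: message }, id: id)
    [status, { 'Content-Type' => 'application/json' }, [body]]
  end
end
```

The generic messages keep policy details out of the response; which check failed and for which user belongs in the server log.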