12.
ResponseFactory: Centralize Error Responses
Keep on Learning!
If you liked what you've learned so far, dive in! Subscribe to get access to this tutorial plus video, code and script downloads.
If you liked what you've learned so far, dive in! Subscribe to get access to this tutorial plus video, code and script downloads.
Whoops, an error! Please, try again later.
10 Comments
Hey Ryan. great course, I have a question: Why not just throw new ApiProblemException?
like this:
$apiProblem=new ApiProblem(401);
$message=($authException)?$authException->getMessageKey():"Missing credentials.";
$apiProblem->set("detail",$message);
throw new ApiProblemException($apiProblem);
Hi Mahmood!
Thank you :). And you know, honestly, it hadn't occurred to me - but it's really interesting! Does your code work?
By the time start() is called, you're actually already inside of Symfony's Exception-handling logic. So, throwing *another* exception *might* cause problems... but I actually think you're right (as the security system is built to allow this).
In other words - I wish I had thought of this! :D
Yes it works for me and all tests are passed! but because you are the author of Symfony security Guard you know the structure better.
I'm so glad that I have found your website and courses.
Awesome! Thanks for sharing your nice (and simpler) solution!
I am using Symfony 4 and this is the error I am getting:
Cannot autowire service "App\EventListener\ApiExceptionSubscriber": argument "$debug" of method "__construct()" has no type-hint, you should configure its value explicitly.
Fixed it:
App\EventListener\ApiExceptionSubscriber:
autowire: false
arguments: ['%kernel.debug%', '@api.response_factory']
tags:
- { name: kernel.event_subscriber }
Hey man,
you don't have to disable autowiring, you can specify just the argument that you need to.
Cheers!
Hi Ryan,
Just wondering : what's the purpose of the TokenController, I mean I know its role is to return a Token, but why we need it?
We can authenticate in ProgrammerController without it.
Maybe I think I get it.
Tell me if I'm wrong or not.
If I plug a REST Client, like a frontend React app and build a login page, the React app send the Users crendentials to the TokenController and then get back the token. Then, with the client can send this token inside the header to make authentication.
Yo Chuck!
Yep, you've got it exactly - I won't even re-summarize because you described it perfectly :).
But, btw - there's a lazy way to handle authentication with JS: if you have a traditional server-side login form that uses cookies to log you in (i.e. the way we've been logging people in for 15 years), then if you make AJAX calls from React or anything else, it will automatically be authenticated because it sends the session cookie. This would no longer be a pure, 100% client-side app, but honestly, I think sometimes when people are building an API just to support their JS frontend, they don't realize this is also an option :).
Cheers!
"Houston: no signs of life"
Start the conversation!