Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Implement IEndpointMetadataProvider on Result types like Forbid, Unauthorized, etc

See original GitHub issue

Recently, I noticed some types at https://github.com/dotnet/aspnetcore/tree/main/src/Http/Http.Results/src are not implementing IEndpointMetadataProvider.PopulateMetadata(...). Doing so would allow types like ForbidHttpResult and UnauthorizedHttpResult to shown up in Swagger/OpenAPI when used.

Issue Analytics

State:
Created 9 months ago
Comments:8 (8 by maintainers)

Top GitHub Comments

1reaction

davidfowlcommented, Jan 4, 2023

There are 2 things that typed results do:

Give you strong type checks.
Express metadata for open API.

I think we should do this for UnauthorizedHttpResult as the workaround currently is to fallback to manual produces metadata. ForbidHttpResult is a bit trickier because it relies on the authentication handler implementation of Forbid. We might need another result type here that’s purely a 403 without going through the authN system.

If there are situations where people want to avoid advertising the 401 in their APIs after this change, we’d need a way to suppress this metadata, but also keep the type safety. I don’t know how big of a deal this is today or how easy it needs to be though.

0reactions

msftbot[bot]commented, Jan 9, 2023

This issue has been automatically marked as stale because it has been marked as requiring author feedback but has not had any activity for 4 days. It will be closed if no further activity occurs within 3 days of this comment. If it is closed, feel free to comment when you are able to provide the additional information and we will re-investigate.

See our Issue Management Policies for more information.