I’m basically attaching a listener to an event that’s triggered when a controller action completes. Said listener has a dependency that calls a 3rd party API client and do some action. I.e: creates a new document in google drive).
Following the example, if the user hasn’t authorized through OAuth2, the system should redirect to the OAuth page. This action would be done by the listener.
Is this a bad design?
You risk needing to attach many many listeners for this authorization concern.
Ideally you would make it cross cutting, something that gets check before the controller creating the google drive document gets invoked. If your framework does no provide any means to do this then I would explicitly add ‘am I authorized to do this?’ invocations at the controller and not use listeners.
When not authorized, the controller can error out with ‘not authorized’ which can be caught globally somehow to trigger the redirect.
1
Yes.
The proper way to do this is with an Authorize attribute on the controller action method.
2