rocket_oauth2

Handle 400 errors from the authorization server

Open uttarayan21 opened this issue 4 years ago • 3 comments

I was wondering if there is any way to handle custom status codes other than 200.

I get the redirect to callback_url with something like this:

https://b5f6-45-251-234-73.ngrok.io/auth/instagram?code=AQBwRfNKQFHiv-X6m0-O8M9iLDrM-uVMwDcjYSyLRzIUeXylPVhu4V7qIZcEuT37yi21QtBjhiuvBAdi1g2jo_ddS68I3bIIcEddezdbsDo8GOLrxVVxupQpPKH5Fz6WaxGEbkzfUu9nhdiLy5Pa5Ri1sFm1GksUmK9jWRfHPfS73jgiL0jO45w91EQgR5kui3vHzchklRx-H_xDh9-YIb8i9ScdJsYXJZydBNZ5s4V9cA&state=3INTGxYIbi5lBu9ROTtUXw#_

but with 400 bad request.

So my question is, is there any simple way to handle the 400 status code?

uttarayan21, Nov 12 '21 08:11

It depends on when exactly the 400 is being returned. Is the 400 status code the one returned from Instagram, or did the TokenRequest guard fail and indicate a 400 response? The log should explain either case in more detail.

In case you do want or need to handle errors in the token exchange, you can use the Result request guard to "catch" the error instead:

#[get("/example")]
fn example_callback(token: Result<TokenResponse<GitHub>, rocket_oauth2::Error>, cookies: &CookieJar<'_>) -> Redirect { ... }

jebrosen, Nov 17 '21 00:11

Oh I see. I'll try that. The 400 status code AFAIK is being sent by Instagram. I think it's indicated in their docs somewhere but I can't find it right now, but you can see here or here for Stack Overflow questions regarding it.

This is the relevant part of the log.

GET /auth/instagram?code=AQDPOpOqCscv3vF6njUh4jNqu99wqMxKcH9kz9e384jNoTcesyGJLJ7h78nd3s6-d1R0RbXYO8CF3GQ5J_34CusAWzoDMrgRoJUVojlRwjJDNNOYvPz1AwNhi6KM6mE0rE63sSBMesuDOl-cIvFjlnpUto63L5RYy5C5d2pJBpcD6kmPiaYebe0I_ig_y8CddVs7AmLPhok90T6UJq1Ynlz6N3Zbb3JxJdOwYdYJ9T11og&state=JIsACzNC19Ezz2_EaqjliQ text/html:
   >> Matched: (instagram_callback) GET /auth/instagram
Warning: OAuth2 token exchange failed: token exchange returned non-success status code: 400
   >> `TokenResponse < Instagram >` request guard failed: Error { kind: ExchangeError(400), source: None }.
   >> Outcome: Failure
   >> No 400 catcher registered. Using Rocket default.
   >> Response succeeded.

uttarayan21, Nov 17 '21 04:11

Warning: OAuth2 token exchange failed: token exchange returned non-success status code: 400

Yeah, in this case it's Instagram responding with 400. I think you've actually stumbled on a long-unimplemented feature that I all but forgot: the authorization server can include a human-readable error description, but rocket_oauth2's default adapter does not attempt to read it. This looks like a more straightforward addition than I remember, so I'm going to reopen this issue to make it more visible.

jebrosen, Nov 17 '21 19:11
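
What reading that error description could look like, as an added example that is not part of the thread and not rocket_oauth2 code: a std-only Rust sketch that pulls `error` and `error_description` (the members RFC 6749 section 5.2 defines for a failed token request) out of a non-success response and reduces the server-supplied text to something safe to put in a log line. The function names and the sample body are assumptions made for illustration.

```rust
// Added example, std only; not rocket_oauth2 code. KNOWN: RFC 6749 section 5.2 codes.
use std::{iter::Peekable, str::Chars};
const KNOWN: [&str; 6] = ["invalid_request", "invalid_client", "invalid_grant",
    "unauthorized_client", "unsupported_grant_type", "invalid_scope"];
// Constructed sample body (not captured from Instagram).
pub const SAMPLE: &str = r#"{"error":"invalid_grant","error_description":"expired\r\nWarning: forged"}"#;

fn read_string(it: &mut Peekable<Chars>) -> Option<String> { // opening quote already consumed
    let mut out = String::new();
    loop {
        match it.next()? {
            '"' => return Some(out),
            '\\' => match it.next()? {
                'u' => { // \uXXXX; anything that is not a scalar value becomes U+FFFD
                    let hex: String = it.by_ref().take(4).collect();
                    out.push(u32::from_str_radix(&hex, 16).ok().and_then(char::from_u32).unwrap_or('\u{FFFD}'));
                }
                'n' | 'r' | 't' | 'b' | 'f' => out.push(' '), // keep the text on one line
                c => out.push(c), // \" \\ \/
            },
            c => out.push(c),
        }
    }
}
fn skip_ws(it: &mut Peekable<Chars>) { while it.next_if(|c| c.is_whitespace()).is_some() {} }

// First `"key": "string"` pair; a minimal scanner that does not track nesting.
fn string_field(body: &str, key: &str) -> Option<String> {
    let mut it = body.chars().peekable();
    while let Some(c) = it.next() {
        if c != '"' { continue; }
        let name = read_string(&mut it)?;
        skip_ws(&mut it);
        if it.next_if_eq(&':').is_none() { continue; } // that string was a value
        skip_ws(&mut it);
        if it.next_if_eq(&'"').is_some() {
            let value = read_string(&mut it)?;
            if name == key { return Some(value); }
        }
    }
    None
}

// (error code, description capped and reduced to printable ASCII) for a non-2xx reply.
pub fn exchange_failure(status: u16, body: &str) -> Option<(String, String)> {
    if (200..300).contains(&status) { return None; }
    let code = string_field(body, "error").filter(|e| KNOWN.contains(&e.as_str()));
    let desc = string_field(body, "error_description").unwrap_or_default();
    let safe: String = desc.chars().take(200).map(|c| if c.is_ascii_graphic() || c == ' ' { c } else { '?' }).collect();
    Some((code.unwrap_or_else(|| "unrecognized".to_string()), safe))
}
```

An error code outside the RFC list is reported as `unrecognized` rather than echoed, and the description is for logs only, not for display to the end user.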