AppAuth-JS
AppAuth-JS copied to clipboard
Improved error handling for NodeRequestor
Expected Behavior
Describe expected behavior
Failing requests to /token
endpoint (status code 400) should reject with the full error returned by the client in the body of the request. The body contains information for the reason of a failing request (eg. refresh_token expired, client authentication not successful)
Describe the problem
Currently the requestors rejects with new AppAuthError(statusMessage)
(FetchRequestor
rejects with new AppAuthError(statusCode, statusMessage)
).
As the app does not receive the error response (see RFC 6749 section 5.2) it can't handle accordingly.
Actual Behavior
NodeRequestor
rejects with Bad Request
only.
Steps to reproduce the behavior
Issue a Token Request with an invalid authorization code:
const requestor = new NodeRequestor();
const tokenHandler = new BaseTokenRequestHandler(requestor);
const request = new TokenRequest({
client_id: idpConfig.clientId,
redirect_uri: idpConfig.redirectUri,
grant_type: GRANT_TYPE_AUTHORIZATION_CODE,
code: 'INVALID CODE',
refresh_token: undefined,
extras: extras
});
tokenHandler.performTokenRequest(serviceConfiguration, request)
.then(response => {})
.catch(err => {
//err is {message:'Bad Request'},
//err should be {message: 'Bad Request', code: 400, body: { error: 'invalid_grant', error_description: 'Malformed auth code.' }}
});
Environment
- AppAuth-JS version: 1.2.4
- AppAuth-JS Environment: Node (also applicable for Browser in
JQueryRequestor
andFetchRequestor
)
Yes. I should get to this soon. TypeScript 3.6 is out too. So will do this as a fast-follow.
Whats the status here?
For me this looks good. My project also relies on openid/AppAuth-JS. And i want to handle different token request errors separatly.
Can we merge the PR??
@tikurahul ?
Whats the status here?
@tikurahul can we merge this please?