Expose OAuth error codes

Axel Eirola · Axel Eirola · commit 10493caad17a · 2020-03-12T13:29:40.000+02:00
diff --git a/README.md b/README.md
@@ -395,6 +395,11 @@ try {
 
 ## Error messages
 
+Values are in the `code` field of the rejected Error object.
+
+- OAuth Authorization [error codes](https://tools.ietf.org/html/rfc6749#section-4.1.2.1)
+- OAuth Access Token [error codes](https://tools.ietf.org/html/rfc6749#section-5.2)
+- OpendID Connect Registration [error codes](https://openid.net/specs/openid-connect-registration-1_0.html#RegistrationError)
 - `service_configuration_fetch_error` - could not fetch the service configuration
 - `authentication_failed` - user authentication failed
 - `token_refresh_failed` - could not exchange the refresh token for a new JWT
diff --git a/android/src/main/java/com/rnappauth/RNAppAuthModule.java b/android/src/main/java/com/rnappauth/RNAppAuthModule.java
@@ -183,7 +183,7 @@ public void onFetchConfigurationCompleted(
                                 @Nullable AuthorizationServiceConfiguration fetchedConfiguration,
                                 @Nullable AuthorizationException ex) {
                             if (ex != null) {
-                                promise.reject("service_configuration_fetch_error", getErrorMessage(ex));
+                                promise.reject("service_configuration_fetch_error", ex.getLocalizedMessage(), ex);
                                 return;
                             }
 
@@ -260,7 +260,7 @@ public void onFetchConfigurationCompleted(
                                 @Nullable AuthorizationServiceConfiguration fetchedConfiguration,
                                 @Nullable AuthorizationException ex) {
                             if (ex != null) {
-                                promise.reject("service_configuration_fetch_error", getErrorMessage(ex));
+                                promise.reject("service_configuration_fetch_error", ex.getLocalizedMessage(), ex);
                                 return;
                             }
 
@@ -344,7 +344,7 @@ public void onFetchConfigurationCompleted(
                                 @Nullable AuthorizationServiceConfiguration fetchedConfiguration,
                                 @Nullable AuthorizationException ex) {
                             if (ex != null) {
-                                promise.reject("service_configuration_fetch_error", getErrorMessage(ex));
+                                promise.reject("service_configuration_fetch_error", ex.getLocalizedMessage(), ex);
                                 return;
                             }
 
@@ -386,7 +386,7 @@ public void onActivityResult(Activity activity, int requestCode, int resultCode,
             AuthorizationException exception = AuthorizationException.fromIntent(data);
             if (exception != null) {
                 if (promise != null) {
-                    promise.reject("authentication_error", getErrorMessage(exception));
+                    promise.reject(exception.error != null ? exception.error: "authentication_error", exception.getLocalizedMessage(), exception);
                 }
                 return;
             }
@@ -412,7 +412,7 @@ public void onTokenRequestCompleted(
                         }
                     } else {
                         if (promise != null) {
-                            promise.reject("token_exchange_failed", getErrorMessage(ex));
+                            promise.reject(ex.error != null ? ex.error: "token_exchange_failed", ex.getLocalizedMessage(), ex);
                         }
                     }
                 }
@@ -479,7 +479,7 @@ public void onRegistrationRequestCompleted(@Nullable RegistrationResponse respon
                     WritableMap map = RegistrationResponseFactory.registrationResponseToMap(response);
                     promise.resolve(map);
                 } else {
-                    promise.reject("registration_failed", getErrorMessage(ex));
+                    promise.reject(ex.error != null ? ex.error: "registration_failed", ex.getLocalizedMessage(), ex);
                 }
             }
         };
@@ -610,7 +610,7 @@ public void onTokenRequestCompleted(@Nullable TokenResponse response, @Nullable
                     WritableMap map = TokenResponseFactory.tokenResponseToMap(response);
                     promise.resolve(map);
                 } else {
-                    promise.reject("token_refresh_failed", getErrorMessage(ex));
+                    promise.reject(ex.error != null ? ex.error: "token_refresh_failed", ex.getLocalizedMessage(), ex);
                 }
             }
         };
@@ -649,15 +649,6 @@ private ClientAuthentication getClientAuthentication(String clientSecret, String
         return new ClientSecretBasic(clientSecret);
     }
 
-    /*
-     * Return error information if it is available
-     */
-    private String getErrorMessage(AuthorizationException ex){
-        if(ex.errorDescription == null && ex.error != null)
-            return ex.error;
-        return ex.errorDescription;
-    }
-
     /*
      * Create a space-delimited string from an array
      */
diff --git a/index.d.ts b/index.d.ts
@@ -119,3 +119,38 @@ export function revoke(
   config: BaseAuthConfiguration,
   revokeConfig: RevokeConfiguration
 ): Promise<void>;
+
+// https://tools.ietf.org/html/rfc6749#section-4.1.2.1
+type OAuthAuthorizationErrorCode =
+  | 'unauthorized_client'
+  | 'access_denied'
+  | 'unsupported_response_type'
+  | 'invalid_scope'
+  | 'server_error'
+  | 'temporarily_unavailable';
+// https://tools.ietf.org/html/rfc6749#section-5.2
+type OAuthTokenErrorCode =
+  | 'invalid_request'
+  | 'invalid_client'
+  | 'invalid_grant'
+  | 'unauthorized_client'
+  | 'unsupported_grant_type'
+  | 'invalid_scope';
+// https://openid.net/specs/openid-connect-registration-1_0.html#RegistrationError
+type OICRegistrationErrorCode = 'invalid_redirect_uri' | 'invalid_client_metadata';
+type AppAuthErrorCode =
+  | 'service_configuration_fetch_error'
+  | 'authentication_failed'
+  | 'token_refresh_failed'
+  | 'registration_failed'
+  | 'browser_not_found';
+
+type ErrorCode =
+  | OAuthAuthorizationErrorCode
+  | OAuthTokenErrorCode
+  | OICRegistrationErrorCode
+  | AppAuthErrorCode;
+
+export interface AppAuthError extends Error {
+  code: ErrorCode;
+}
diff --git a/ios/RNAppAuth.m b/ios/RNAppAuth.m
@@ -243,7 +243,8 @@ - (void)registerWithConfiguration: (OIDServiceConfiguration *) configuration
                                                  if (response) {
                                                      resolve([self formatRegistrationResponse:response]);
                                                  } else {
-                                                     reject(@"registration_failed", [error localizedDescription], error);
+                                                     reject([self getErrorCode: error defaultCode:@"registration_failed"],
+                                                            [error localizedDescription], error);
                                                  }
                                             }];
 }
@@ -308,7 +309,8 @@ - (void)authorizeWithConfiguration: (OIDServiceConfiguration *) configuration
                                                            resolve([self formatResponse:authState.lastTokenResponse
                                                                withAuthResponse:authState.lastAuthorizationResponse]);
                                                        } else {
-                                                           reject(@"authentication_failed", [error localizedDescription], error);
+                                                           reject([self getErrorCode: error defaultCode:@"authentication_failed"],
+                                                                  [error localizedDescription], error);
                                                        }
                                                    }]; // end [OIDAuthState authStateByPresentingAuthorizationRequest:request
 }
@@ -345,7 +347,8 @@ - (void)refreshWithConfiguration: (OIDServiceConfiguration *)configuration
                                             if (response) {
                                                 resolve([self formatResponse:response]);
                                             } else {
-                                                reject(@"token_refresh_failed", [error localizedDescription], error);
+                                                reject([self getErrorCode: error defaultCode:@"token_refresh_failed"],
+                                                       [error localizedDescription], error);
                                             }
                                         }];
 }
@@ -407,4 +410,51 @@ - (NSDictionary*)formatRegistrationResponse: (OIDRegistrationResponse*) response
              };
 }
 
+- (NSString*)getErrorCode: (NSError*) error defaultCode: (NSString *) defaultCode {
+    if ([[error domain] isEqualToString:OIDOAuthAuthorizationErrorDomain]) {
+        switch ([error code]) {
+            case OIDErrorCodeOAuthAuthorizationInvalidRequest:
+              return @"invalid_request";
+            case OIDErrorCodeOAuthAuthorizationUnauthorizedClient:
+              return @"unauthorized_client";
+            case OIDErrorCodeOAuthAuthorizationAccessDenied:
+              return @"access_denied";
+            case OIDErrorCodeOAuthAuthorizationUnsupportedResponseType:
+              return @"unsupported_response_type";
+            case OIDErrorCodeOAuthAuthorizationAuthorizationInvalidScope:
+              return @"invalid_scope";
+            case OIDErrorCodeOAuthAuthorizationServerError:
+              return @"server_error";
+            case OIDErrorCodeOAuthAuthorizationTemporarilyUnavailable:
+              return @"temporarily_unavailable";
+        }
+    } else if ([[error domain] isEqualToString:OIDOAuthTokenErrorDomain]) {
+        switch ([error code]) {
+            case OIDErrorCodeOAuthTokenInvalidRequest:
+              return @"invalid_request";
+            case OIDErrorCodeOAuthTokenInvalidClient:
+              return @"invalid_client";
+            case OIDErrorCodeOAuthTokenInvalidGrant:
+              return @"invalid_grant";
+            case OIDErrorCodeOAuthTokenUnauthorizedClient:
+              return @"unauthorized_client";
+            case OIDErrorCodeOAuthTokenUnsupportedGrantType:
+              return @"unsupported_grant_type";
+            case OIDErrorCodeOAuthTokenInvalidScope:
+              return @"invalid_scope";
+        }
+    } else if ([[error domain] isEqualToString:OIDOAuthRegistrationErrorDomain]) {
+        switch ([error code]) {
+            case OIDErrorCodeOAuthRegistrationInvalidRequest:
+              return @"invalid_request";
+            case OIDErrorCodeOAuthRegistrationInvalidRedirectURI:
+              return @"invalid_redirect_uri";
+            case OIDErrorCodeOAuthRegistrationInvalidClientMetadata:
+              return @"invalid_client_metadata";
+        }
+    }
+
+    return defaultCode;
+}
+
 @end

Original file line number	Diff line number	Diff line change
`@@ -183,7 +183,7 @@ public void onFetchConfigurationCompleted(`
`183`	`183`	`@Nullable AuthorizationServiceConfiguration fetchedConfiguration,`
`184`	`184`	`@Nullable AuthorizationException ex) {`
`185`	`185`	`if (ex != null) {`
`186`		`- promise.reject("service_configuration_fetch_error", getErrorMessage(ex));`
	`186`	`+ promise.reject("service_configuration_fetch_error", ex.getLocalizedMessage(), ex);`
`187`	`187`	`return;`
`188`	`188`	`}`
`189`	`189`
`@@ -260,7 +260,7 @@ public void onFetchConfigurationCompleted(`
`260`	`260`	`@Nullable AuthorizationServiceConfiguration fetchedConfiguration,`
`261`	`261`	`@Nullable AuthorizationException ex) {`
`262`	`262`	`if (ex != null) {`
`263`		`- promise.reject("service_configuration_fetch_error", getErrorMessage(ex));`
	`263`	`+ promise.reject("service_configuration_fetch_error", ex.getLocalizedMessage(), ex);`
`264`	`264`	`return;`
`265`	`265`	`}`
`266`	`266`
`@@ -344,7 +344,7 @@ public void onFetchConfigurationCompleted(`
`344`	`344`	`@Nullable AuthorizationServiceConfiguration fetchedConfiguration,`
`345`	`345`	`@Nullable AuthorizationException ex) {`
`346`	`346`	`if (ex != null) {`
`347`		`- promise.reject("service_configuration_fetch_error", getErrorMessage(ex));`
	`347`	`+ promise.reject("service_configuration_fetch_error", ex.getLocalizedMessage(), ex);`
`348`	`348`	`return;`
`349`	`349`	`}`
`350`	`350`
`@@ -386,7 +386,7 @@ public void onActivityResult(Activity activity, int requestCode, int resultCode,`
`386`	`386`	`AuthorizationException exception = AuthorizationException.fromIntent(data);`
`387`	`387`	`if (exception != null) {`
`388`	`388`	`if (promise != null) {`
`389`		`- promise.reject("authentication_error", getErrorMessage(exception));`
	`389`	`+ promise.reject(exception.error != null ? exception.error: "authentication_error", exception.getLocalizedMessage(), exception);`
`390`	`390`	`}`
`391`	`391`	`return;`
`392`	`392`	`}`
`@@ -412,7 +412,7 @@ public void onTokenRequestCompleted(`
`412`	`412`	`}`
`413`	`413`	`} else {`
`414`	`414`	`if (promise != null) {`
`415`		`- promise.reject("token_exchange_failed", getErrorMessage(ex));`
	`415`	`+ promise.reject(ex.error != null ? ex.error: "token_exchange_failed", ex.getLocalizedMessage(), ex);`
`416`	`416`	`}`
`417`	`417`	`}`
`418`	`418`	`}`
`@@ -479,7 +479,7 @@ public void onRegistrationRequestCompleted(@Nullable RegistrationResponse respon`
`479`	`479`	`WritableMap map = RegistrationResponseFactory.registrationResponseToMap(response);`
`480`	`480`	`promise.resolve(map);`
`481`	`481`	`} else {`
`482`		`- promise.reject("registration_failed", getErrorMessage(ex));`
	`482`	`+ promise.reject(ex.error != null ? ex.error: "registration_failed", ex.getLocalizedMessage(), ex);`
`483`	`483`	`}`
`484`	`484`	`}`
`485`	`485`	`};`
`@@ -610,7 +610,7 @@ public void onTokenRequestCompleted(@Nullable TokenResponse response, @Nullable`
`610`	`610`	`WritableMap map = TokenResponseFactory.tokenResponseToMap(response);`
`611`	`611`	`promise.resolve(map);`
`612`	`612`	`} else {`
`613`		`- promise.reject("token_refresh_failed", getErrorMessage(ex));`
	`613`	`+ promise.reject(ex.error != null ? ex.error: "token_refresh_failed", ex.getLocalizedMessage(), ex);`
`614`	`614`	`}`
`615`	`615`	`}`
`616`	`616`	`};`
`@@ -649,15 +649,6 @@ private ClientAuthentication getClientAuthentication(String clientSecret, String`
`649`	`649`	`return new ClientSecretBasic(clientSecret);`
`650`	`650`	`}`
`651`	`651`
`652`		`- /*`
`653`		`- * Return error information if it is available`
`654`		`- */`
`655`		`- private String getErrorMessage(AuthorizationException ex){`
`656`		`- if(ex.errorDescription == null && ex.error != null)`
`657`		`- return ex.error;`
`658`		`- return ex.errorDescription;`
`659`		`- }`
`660`		`-`
`661`	`652`	`/*`
`662`	`653`	`* Create a space-delimited string from an array`
`663`	`654`	`*/`