Merge pull request FormidableLabs#482 from aeirola/oauth-error-codes

Kadi Kraman · web-flow · commit 82ab731e46f7 · 2020-08-04T20:13:58.000+01:00
Expose OAuth error codes
diff --git a/README.md b/README.md
@@ -428,6 +428,11 @@ try {
 
 ## Error messages
 
+Values are in the `code` field of the rejected Error object.
+
+- OAuth Authorization [error codes](https://tools.ietf.org/html/rfc6749#section-4.1.2.1)
+- OAuth Access Token [error codes](https://tools.ietf.org/html/rfc6749#section-5.2)
+- OpendID Connect Registration [error codes](https://openid.net/specs/openid-connect-registration-1_0.html#RegistrationError)
 - `service_configuration_fetch_error` - could not fetch the service configuration
 - `authentication_failed` - user authentication failed
 - `token_refresh_failed` - could not exchange the refresh token for a new JWT
diff --git a/android/src/main/java/com/rnappauth/RNAppAuthModule.java b/android/src/main/java/com/rnappauth/RNAppAuthModule.java
@@ -185,7 +185,7 @@ public void onFetchConfigurationCompleted(
                                 @Nullable AuthorizationServiceConfiguration fetchedConfiguration,
                                 @Nullable AuthorizationException ex) {
                             if (ex != null) {
-                                promise.reject("service_configuration_fetch_error", getErrorMessage(ex));
+                                promise.reject("service_configuration_fetch_error", ex.getLocalizedMessage(), ex);
                                 return;
                             }
 
@@ -264,7 +264,7 @@ public void onFetchConfigurationCompleted(
                                 @Nullable AuthorizationServiceConfiguration fetchedConfiguration,
                                 @Nullable AuthorizationException ex) {
                             if (ex != null) {
-                                promise.reject("service_configuration_fetch_error", getErrorMessage(ex));
+                                promise.reject("service_configuration_fetch_error", ex.getLocalizedMessage(), ex);
                                 return;
                             }
 
@@ -348,7 +348,7 @@ public void onFetchConfigurationCompleted(
                                 @Nullable AuthorizationServiceConfiguration fetchedConfiguration,
                                 @Nullable AuthorizationException ex) {
                             if (ex != null) {
-                                promise.reject("service_configuration_fetch_error", getErrorMessage(ex));
+                                promise.reject("service_configuration_fetch_error", ex.getLocalizedMessage(), ex);
                                 return;
                             }
 
@@ -390,7 +390,7 @@ public void onActivityResult(Activity activity, int requestCode, int resultCode,
             AuthorizationException exception = AuthorizationException.fromIntent(data);
             if (exception != null) {
                 if (promise != null) {
-                    promise.reject("authentication_error", getErrorMessage(exception));
+                    promise.reject(exception.error != null ? exception.error: "authentication_error", exception.getLocalizedMessage(), exception);
                 }
                 return;
             }
@@ -423,7 +423,7 @@ public void onTokenRequestCompleted(
                         }
                     } else {
                         if (promise != null) {
-                            promise.reject("token_exchange_failed", getErrorMessage(ex));
+                            promise.reject(ex.error != null ? ex.error: "token_exchange_failed", ex.getLocalizedMessage(), ex);
                         }
                     }
                 }
@@ -490,7 +490,7 @@ public void onRegistrationRequestCompleted(@Nullable RegistrationResponse respon
                     WritableMap map = RegistrationResponseFactory.registrationResponseToMap(response);
                     promise.resolve(map);
                 } else {
-                    promise.reject("registration_failed", getErrorMessage(ex));
+                    promise.reject(ex.error != null ? ex.error: "registration_failed", ex.getLocalizedMessage(), ex);
                 }
             }
         };
@@ -621,7 +621,7 @@ public void onTokenRequestCompleted(@Nullable TokenResponse response, @Nullable
                     WritableMap map = TokenResponseFactory.tokenResponseToMap(response);
                     promise.resolve(map);
                 } else {
-                    promise.reject("token_refresh_failed", getErrorMessage(ex));
+                    promise.reject(ex.error != null ? ex.error: "token_refresh_failed", ex.getLocalizedMessage(), ex);
                 }
             }
         };
@@ -660,15 +660,6 @@ private ClientAuthentication getClientAuthentication(String clientSecret, String
         return new ClientSecretBasic(clientSecret);
     }
 
-    /*
-     * Return error information if it is available
-     */
-    private String getErrorMessage(AuthorizationException ex){
-        if(ex.errorDescription == null && ex.error != null)
-            return ex.error;
-        return ex.errorDescription;
-    }
-
     /*
      * Create a space-delimited string from an array
      */
diff --git a/index.d.ts b/index.d.ts
@@ -121,3 +121,38 @@ export function revoke(
   config: BaseAuthConfiguration,
   revokeConfig: RevokeConfiguration
 ): Promise<void>;
+
+// https://tools.ietf.org/html/rfc6749#section-4.1.2.1
+type OAuthAuthorizationErrorCode =
+  | 'unauthorized_client'
+  | 'access_denied'
+  | 'unsupported_response_type'
+  | 'invalid_scope'
+  | 'server_error'
+  | 'temporarily_unavailable';
+// https://tools.ietf.org/html/rfc6749#section-5.2
+type OAuthTokenErrorCode =
+  | 'invalid_request'
+  | 'invalid_client'
+  | 'invalid_grant'
+  | 'unauthorized_client'
+  | 'unsupported_grant_type'
+  | 'invalid_scope';
+// https://openid.net/specs/openid-connect-registration-1_0.html#RegistrationError
+type OICRegistrationErrorCode = 'invalid_redirect_uri' | 'invalid_client_metadata';
+type AppAuthErrorCode =
+  | 'service_configuration_fetch_error'
+  | 'authentication_failed'
+  | 'token_refresh_failed'
+  | 'registration_failed'
+  | 'browser_not_found';
+
+type ErrorCode =
+  | OAuthAuthorizationErrorCode
+  | OAuthTokenErrorCode
+  | OICRegistrationErrorCode
+  | AppAuthErrorCode;
+
+export interface AppAuthError extends Error {
+  code: ErrorCode;
+}
diff --git a/ios/RNAppAuth.m b/ios/RNAppAuth.m
@@ -246,7 +246,8 @@ - (void)registerWithConfiguration: (OIDServiceConfiguration *) configuration
                                                  if (response) {
                                                      resolve([self formatRegistrationResponse:response]);
                                                  } else {
-                                                     reject(@"registration_failed", [error localizedDescription], error);
+                                                     reject([self getErrorCode: error defaultCode:@"registration_failed"],
+                                                            [error localizedDescription], error);
                                                  }
                                             }];
 }
@@ -311,7 +312,8 @@ - (void)authorizeWithConfiguration: (OIDServiceConfiguration *) configuration
                                                        if (authorizationResponse) {
                                                            resolve([self formatAuthorizationResponse:authorizationResponse]);
                                                        } else {
-                                                           reject(@"authentication_failed", [error localizedDescription], error);
+                                                           reject([self getErrorCode: error defaultCode:@"authentication_failed"],
+                                                                  [error localizedDescription], error);
                                                        }
                                                    }]; // end [OIDAuthState presentAuthorizationRequest:request
     } else {
@@ -364,7 +366,8 @@ - (void)refreshWithConfiguration: (OIDServiceConfiguration *)configuration
                                             if (response) {
                                                 resolve([self formatResponse:response]);
                                             } else {
-                                                reject(@"token_refresh_failed", [error localizedDescription], error);
+                                                reject([self getErrorCode: error defaultCode:@"token_refresh_failed"],
+                                                       [error localizedDescription], error);
                                             }
                                         }];
 }
@@ -447,4 +450,51 @@ - (NSDictionary*)formatRegistrationResponse: (OIDRegistrationResponse*) response
              };
 }
 
+- (NSString*)getErrorCode: (NSError*) error defaultCode: (NSString *) defaultCode {
+    if ([[error domain] isEqualToString:OIDOAuthAuthorizationErrorDomain]) {
+        switch ([error code]) {
+            case OIDErrorCodeOAuthAuthorizationInvalidRequest:
+              return @"invalid_request";
+            case OIDErrorCodeOAuthAuthorizationUnauthorizedClient:
+              return @"unauthorized_client";
+            case OIDErrorCodeOAuthAuthorizationAccessDenied:
+              return @"access_denied";
+            case OIDErrorCodeOAuthAuthorizationUnsupportedResponseType:
+              return @"unsupported_response_type";
+            case OIDErrorCodeOAuthAuthorizationAuthorizationInvalidScope:
+              return @"invalid_scope";
+            case OIDErrorCodeOAuthAuthorizationServerError:
+              return @"server_error";
+            case OIDErrorCodeOAuthAuthorizationTemporarilyUnavailable:
+              return @"temporarily_unavailable";
+        }
+    } else if ([[error domain] isEqualToString:OIDOAuthTokenErrorDomain]) {
+        switch ([error code]) {
+            case OIDErrorCodeOAuthTokenInvalidRequest:
+              return @"invalid_request";
+            case OIDErrorCodeOAuthTokenInvalidClient:
+              return @"invalid_client";
+            case OIDErrorCodeOAuthTokenInvalidGrant:
+              return @"invalid_grant";
+            case OIDErrorCodeOAuthTokenUnauthorizedClient:
+              return @"unauthorized_client";
+            case OIDErrorCodeOAuthTokenUnsupportedGrantType:
+              return @"unsupported_grant_type";
+            case OIDErrorCodeOAuthTokenInvalidScope:
+              return @"invalid_scope";
+        }
+    } else if ([[error domain] isEqualToString:OIDOAuthRegistrationErrorDomain]) {
+        switch ([error code]) {
+            case OIDErrorCodeOAuthRegistrationInvalidRequest:
+              return @"invalid_request";
+            case OIDErrorCodeOAuthRegistrationInvalidRedirectURI:
+              return @"invalid_redirect_uri";
+            case OIDErrorCodeOAuthRegistrationInvalidClientMetadata:
+              return @"invalid_client_metadata";
+        }
+    }
+
+    return defaultCode;
+}
+
 @end

Original file line number	Diff line number	Diff line change
`@@ -185,7 +185,7 @@ public void onFetchConfigurationCompleted(`
`185`	`185`	`@Nullable AuthorizationServiceConfiguration fetchedConfiguration,`
`186`	`186`	`@Nullable AuthorizationException ex) {`
`187`	`187`	`if (ex != null) {`
`188`		`- promise.reject("service_configuration_fetch_error", getErrorMessage(ex));`
	`188`	`+ promise.reject("service_configuration_fetch_error", ex.getLocalizedMessage(), ex);`
`189`	`189`	`return;`
`190`	`190`	`}`
`191`	`191`
`@@ -264,7 +264,7 @@ public void onFetchConfigurationCompleted(`
`264`	`264`	`@Nullable AuthorizationServiceConfiguration fetchedConfiguration,`
`265`	`265`	`@Nullable AuthorizationException ex) {`
`266`	`266`	`if (ex != null) {`
`267`		`- promise.reject("service_configuration_fetch_error", getErrorMessage(ex));`
	`267`	`+ promise.reject("service_configuration_fetch_error", ex.getLocalizedMessage(), ex);`
`268`	`268`	`return;`
`269`	`269`	`}`
`270`	`270`
`@@ -348,7 +348,7 @@ public void onFetchConfigurationCompleted(`
`348`	`348`	`@Nullable AuthorizationServiceConfiguration fetchedConfiguration,`
`349`	`349`	`@Nullable AuthorizationException ex) {`
`350`	`350`	`if (ex != null) {`
`351`		`- promise.reject("service_configuration_fetch_error", getErrorMessage(ex));`
	`351`	`+ promise.reject("service_configuration_fetch_error", ex.getLocalizedMessage(), ex);`
`352`	`352`	`return;`
`353`	`353`	`}`
`354`	`354`
`@@ -390,7 +390,7 @@ public void onActivityResult(Activity activity, int requestCode, int resultCode,`
`390`	`390`	`AuthorizationException exception = AuthorizationException.fromIntent(data);`
`391`	`391`	`if (exception != null) {`
`392`	`392`	`if (promise != null) {`
`393`		`- promise.reject("authentication_error", getErrorMessage(exception));`
	`393`	`+ promise.reject(exception.error != null ? exception.error: "authentication_error", exception.getLocalizedMessage(), exception);`
`394`	`394`	`}`
`395`	`395`	`return;`
`396`	`396`	`}`
`@@ -423,7 +423,7 @@ public void onTokenRequestCompleted(`
`423`	`423`	`}`
`424`	`424`	`} else {`
`425`	`425`	`if (promise != null) {`
`426`		`- promise.reject("token_exchange_failed", getErrorMessage(ex));`
	`426`	`+ promise.reject(ex.error != null ? ex.error: "token_exchange_failed", ex.getLocalizedMessage(), ex);`
`427`	`427`	`}`
`428`	`428`	`}`
`429`	`429`	`}`
`@@ -490,7 +490,7 @@ public void onRegistrationRequestCompleted(@Nullable RegistrationResponse respon`
`490`	`490`	`WritableMap map = RegistrationResponseFactory.registrationResponseToMap(response);`
`491`	`491`	`promise.resolve(map);`
`492`	`492`	`} else {`
`493`		`- promise.reject("registration_failed", getErrorMessage(ex));`
	`493`	`+ promise.reject(ex.error != null ? ex.error: "registration_failed", ex.getLocalizedMessage(), ex);`
`494`	`494`	`}`
`495`	`495`	`}`
`496`	`496`	`};`
`@@ -621,7 +621,7 @@ public void onTokenRequestCompleted(@Nullable TokenResponse response, @Nullable`
`621`	`621`	`WritableMap map = TokenResponseFactory.tokenResponseToMap(response);`
`622`	`622`	`promise.resolve(map);`
`623`	`623`	`} else {`
`624`		`- promise.reject("token_refresh_failed", getErrorMessage(ex));`
	`624`	`+ promise.reject(ex.error != null ? ex.error: "token_refresh_failed", ex.getLocalizedMessage(), ex);`
`625`	`625`	`}`
`626`	`626`	`}`
`627`	`627`	`};`
`@@ -660,15 +660,6 @@ private ClientAuthentication getClientAuthentication(String clientSecret, String`
`660`	`660`	`return new ClientSecretBasic(clientSecret);`
`661`	`661`	`}`
`662`	`662`
`663`		`- /*`
`664`		`- * Return error information if it is available`
`665`		`- */`
`666`		`- private String getErrorMessage(AuthorizationException ex){`
`667`		`- if(ex.errorDescription == null && ex.error != null)`
`668`		`- return ex.error;`
`669`		`- return ex.errorDescription;`
`670`		`- }`
`671`		`-`
`672`	`663`	`/*`
`673`	`664`	`* Create a space-delimited string from an array`
`674`	`665`	`*/`