From e182a440c505ae6de358d453f06f159cef3d6beb Mon Sep 17 00:00:00 2001
From: Michael Ribbons
Date: Mon, 31 Jul 2017 14:56:55 +1000
Subject: [PATCH 1/2] Handle OAuth2AccessTokenErrorResponse exception when attempting to parse access token. This occurs in AuthorizationCode flow when the client secret is incorrect and the server returns invalid_client.
---
 .../io/fullstack/oauth/OAuthManagerFragmentController.java | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/android/src/main/java/io/fullstack/oauth/OAuthManagerFragmentController.java b/android/src/main/java/io/fullstack/oauth/OAuthManagerFragmentController.java
index 5281699..16c4d67 100644
--- a/android/src/main/java/io/fullstack/oauth/OAuthManagerFragmentController.java
+++ b/android/src/main/java/io/fullstack/oauth/OAuthManagerFragmentController.java
@@ -10,6 +10,7 @@
 import com.facebook.react.bridge.ReactContext;
 import com.github.scribejava.core.exceptions.OAuthConnectionException;
+import com.github.scribejava.core.model.OAuth2AccessTokenErrorResponse;
 import com.github.scribejava.core.model.OAuth1AccessToken;
 import com.github.scribejava.core.model.OAuth1RequestToken;
 import com.github.scribejava.core.model.OAuth2AccessToken;
@@ -367,6 +368,10 @@ protected OAuth2AccessToken doInBackground(Void... params) {
 Log.e(TAG, "OAuth connection exception: " + ex.getMessage());
 ex.printStackTrace();
 return null;
+ } catch (OAuth2AccessTokenErrorResponse ex)
+ {
+ Log.e(TAG, "Failed to extract access token: " + ex.getMessage());
+ return null;
 } catch (IOException ex) {
 Log.e(TAG, "An exception occurred getRequestToken: " + ex.getMessage());
 ex.printStackTrace();
From a321a6910250264466458f25cac02db6f9d2e557 Mon Sep 17 00:00:00 2001
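Review bot: The new `catch (OAuth2AccessTokenErrorResponse ex)` branch writes `ex.getMessage()` to logcat at error level, and for this exception that text presumably originates from the token endpoint's error response rather than from the app itself. Logging only the parsed error code keeps server-supplied content out of device logs while still identifying the failure, e.g. `Log.e(TAG, "Failed to extract access token: " + ex.getErrorCode());` if the ScribeJava version in use exposes that accessor. The opening brace on its own line also differs from the neighbouring `} catch (IOException ex) {`. The body of doInBackground starts and ends outside the hunk.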
From: Michael Ribbons
Date: Thu, 17 Aug 2017 15:42:16 +1000
Subject: [PATCH 2/2] Further improve OAuth2AccessTokenErrorResponse exception handling in invalid_secret scenario. Report error using callback, consumer will receive {"error":"invalid_secret"} rather than silent failure with no error callback.
---
 .../oauth/OAuthManagerFragmentController.java | 1 +
 .../java/io/fullstack/oauth/OAuthManagerModule.java | 12 ++++++++++++
 2 files changed, 13 insertions(+)
diff --git a/android/src/main/java/io/fullstack/oauth/OAuthManagerFragmentController.java b/android/src/main/java/io/fullstack/oauth/OAuthManagerFragmentController.java
index 16c4d67..f04d8b7 100644
--- a/android/src/main/java/io/fullstack/oauth/OAuthManagerFragmentController.java
+++ b/android/src/main/java/io/fullstack/oauth/OAuthManagerFragmentController.java
@@ -371,6 +371,7 @@ protected OAuth2AccessToken doInBackground(Void... params) {
 } catch (OAuth2AccessTokenErrorResponse ex)
 {
 Log.e(TAG, "Failed to extract access token: " + ex.getMessage());
+ mCtrl.onError(-1, ex.getMessage(), "Failed to extract access token.");
 return null;
 } catch (IOException ex) {
 Log.e(TAG, "An exception occurred getRequestToken: " + ex.getMessage());
diff --git a/android/src/main/java/io/fullstack/oauth/OAuthManagerModule.java b/android/src/main/java/io/fullstack/oauth/OAuthManagerModule.java
index 35777a4..8c4aff5 100644
--- a/android/src/main/java/io/fullstack/oauth/OAuthManagerModule.java
+++ b/android/src/main/java/io/fullstack/oauth/OAuthManagerModule.java
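Review bot: In OAuthManagerFragmentController.java, `mCtrl.onError(...)` is called from inside `doInBackground`, which for an AsyncTask runs off the main thread, and the method then still returns `null`; by the comment added in OAuthManagerModule.java this produces a second error for the missing token. The `try { callback.invoke(error); } catch (Exception e2)` in that second hunk appears to exist only to absorb the duplicate invocation, and it will hide any other callback failure as well. Reporting once would be cleaner: keep the exception in a field of the task (for example `mTokenError = ex;`, name illustrative) and let the code that handles the `null` result pass its message to `onError`, presumably in `onPostExecute`, which is not visible here. The `-1` code would also read better as a named constant.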
@@ -120,6 +120,18 @@ public void onRequestTokenError(final Exception ex) {
 Log.e(TAG, "Exception with request token: " + ex.getMessage());
 _credentialsStore.delete(providerName);
 _credentialsStore.commit();
+
+ WritableMap error = Arguments.createMap();
+ error.putString("message", ex.getMessage());
+
+ // In an invalid client situation we will get two errors, first for the invalid client, and second for the null access token
+ // we really want to report the invalid client error because it provides better feedback
+ try {
+ callback.invoke(error);
+ } catch (Exception e2)
+ {
+ Log.e(TAG, "exception with request: callback failed: " + e2.getMessage() );
+ }
 }
 public void onOAuth1AccessToken(final OAuth1AccessToken accessToken) {
 _credentialsStore.store(providerName, accessToken);
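Review bot: `error.putString("message", ex.getMessage())` hands the raw exception text to the JavaScript callback for every exception type that reaches `onRequestTokenError`, not only the invalid-client case the commit describes. Consumers then have to match on free-form text, and whatever the underlying library or the server put in that message crosses into application code unchanged; `getMessage()` may also be null for some exceptions. A stable error identifier set by this module alongside the message would give callers something dependable to branch on. The shape used by the other error callbacks in this module is not visible in the hunk, so the key names should follow whatever those already use.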