API, Core: Add exceptions for OAuth2 token endpoint errors #16507
Open
oguzhanunlu wants to merge 1 commit into
Conversation
OAuth2 token endpoint failures (RFC 6749 §5.2) currently surface as
generic BadRequestException / NotAuthorizedException, with the error
type stringified into the exception message. Consumers that triage on
the error type must regex-parse the message to recover it unreliably.
Introduce exceptions that carry the OAuth2 error type as a field
accessible via a marker interface:
- OAuth2Error (marker, String errorType())
- OAuth2BadRequestException extends BadRequestException
  implements OAuth2Error (400)
- OAuth2NotAuthorizedException extends NotAuthorizedException
  implements OAuth2Error (401)
OAuthErrorHandler.accept now throws these for all six RFC 6749 §5.2
codes (invalid_request, invalid_client, invalid_grant,
unauthorized_client, unsupported_grant_type, invalid_scope).
Design:
Two classes (per HTTP status), not six (per error type). Different
reasons within an HTTP status class are unified under one exception per
status, consistent with how BadRequestException covers all 400s
currently.
Backward compatible: getMessage() output is byte-identical and
existing catch blocks on BadRequestException / NotAuthorizedException
continue to fire.
Adds six unit tests that pin which exception is thrown for each OAuth2
error type.
Summary
Follow-up to #15746 / #16059. Same unreliable triage pattern, at the OAuth2 token endpoint instead of /v1/config.

Background
OAuth2 token endpoint failures (RFC 6749 §5.2) currently surface as generic BadRequestException / NotAuthorizedException, with the error type stringified into the exception message. Consumers that triage on the error type must regex-parse the message to recover it.

This PR introduces exceptions that carry the OAuth2 error type as a field accessible via a marker interface:
- OAuth2Error (marker, String errorType())
- OAuth2BadRequestException extends BadRequestException implements OAuth2Error (400)
- OAuth2NotAuthorizedException extends NotAuthorizedException implements OAuth2Error (401)

OAuthErrorHandler.accept now throws these for all six RFC 6749 §5.2 codes (invalid_request, invalid_client, invalid_grant, unauthorized_client, unsupported_grant_type, invalid_scope).

Design
Two classes (per HTTP status), not six (per error type). Different reasons within an HTTP status class are unified under one exception per status, consistent with how BadRequestException covers all 400s currently.

Backward compatible: getMessage() output is byte-identical and existing catch blocks on BadRequestException / NotAuthorizedException continue to fire.

Adds six unit tests that pin which exception is thrown for each OAuth2 error type.
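The exception shape described in the commit message and the PR description, worked through as an added example. This is not the PR's code or the project's: the base BadRequestException / NotAuthorizedException classes are hypothetical stand-ins (the project's own are not imported), the message prefixes and the JSON field extraction are assumptions, and the sample token-endpoint bodies are constructed. It also shows why triage on the field is more reliable than regex on getMessage(): a server that returns an extension error code (invalid_target, from RFC 8707) is still recovered from the field, while a regex over the six RFC 6749 §5.2 codes reports it as unknown.

```java
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class OAuth2TokenErrors {

  // Hypothetical stand-ins for the project's existing generic exceptions.
  public static class BadRequestException extends RuntimeException {
    public BadRequestException(String message) { super(message); }
  }

  public static class NotAuthorizedException extends RuntimeException {
    public NotAuthorizedException(String message) { super(message); }
  }

  /** Marker interface: the RFC 6749 section 5.2 error code as a field, not a message substring. */
  public interface OAuth2Error {
    String errorType();
  }

  public static class OAuth2BadRequestException extends BadRequestException implements OAuth2Error {
    private final String errorType;
    public OAuth2BadRequestException(String message, String errorType) {
      super(message);
      this.errorType = errorType;
    }
    @Override public String errorType() { return errorType; }
  }

  public static class OAuth2NotAuthorizedException extends NotAuthorizedException implements OAuth2Error {
    private final String errorType;
    public OAuth2NotAuthorizedException(String message, String errorType) {
      super(message);
      this.errorType = errorType;
    }
    @Override public String errorType() { return errorType; }
  }

  static final Set<String> RFC6749_ERRORS = Set.of(
      "invalid_request", "invalid_client", "invalid_grant",
      "unauthorized_client", "unsupported_grant_type", "invalid_scope");

  // Minimal extraction of the two section 5.2 fields from a JSON error body (assumed format).
  private static final Pattern ERROR = Pattern.compile("\"error\"\\s*:\\s*\"([^\"]*)\"");
  private static final Pattern DESCRIPTION = Pattern.compile("\"error_description\"\\s*:\\s*\"([^\"]*)\"");

  /**
   * Stand-in for OAuthErrorHandler.accept: one exception class per HTTP status, with the
   * error code kept in a field. The message text is built the same way regardless of
   * which class is thrown, so getMessage() does not change for existing callers.
   */
  public static void accept(int httpStatus, String body) {
    Matcher e = ERROR.matcher(body);
    String errorType = e.find() ? e.group(1) : "unknown";
    Matcher d = DESCRIPTION.matcher(body);
    String message = d.find() && !d.group(1).isEmpty() ? errorType + ": " + d.group(1) : errorType;
    if (httpStatus == 401) {
      throw new OAuth2NotAuthorizedException("Not authorized: " + message, errorType);
    }
    throw new OAuth2BadRequestException("Malformed request: " + message, errorType);
  }

  /** Old-style triage: recover the error type by regex over getMessage(). */
  public static String legacyErrorType(RuntimeException ex) {
    Matcher m = Pattern.compile("(" + String.join("|", RFC6749_ERRORS) + ")").matcher(ex.getMessage());
    return m.find() ? m.group(1) : "unknown";
  }

  /** New-style triage: the pre-existing catch blocks still fire; the field carries the type. */
  public static String triage(int httpStatus, String body) {
    try {
      accept(httpStatus, body);
      return "ok";
    } catch (NotAuthorizedException ex) {
      return "401/" + (ex instanceof OAuth2Error ? ((OAuth2Error) ex).errorType() : "unknown");
    } catch (BadRequestException ex) {
      return "400/" + (ex instanceof OAuth2Error ? ((OAuth2Error) ex).errorType() : "unknown");
    }
  }

  public static void main(String[] args) {
    // Constructed sample responses, not captured from any real server.
    String expiredRefresh = "{\"error\":\"invalid_grant\",\"error_description\":\"refresh token expired\"}";
    String badSecret = "{\"error\":\"invalid_client\"}";
    String extension = "{\"error\":\"invalid_target\",\"error_description\":\"unknown resource\"}";

    System.out.println(triage(400, expiredRefresh));
    System.out.println(triage(401, badSecret));
    try {
      accept(400, extension);
    } catch (BadRequestException ex) {
      System.out.println("message: " + ex.getMessage());
      System.out.println("regex:   " + legacyErrorType(ex));
      System.out.println("field:   " + ((OAuth2Error) ex).errorType());
    }
  }
}
```

The dispatch on HTTP status rather than on error code follows the PR's "two classes, not six" design; the error code is only data on the exception. Consumers that already catch BadRequestException or NotAuthorizedException keep working, and a consumer that wants the code checks `instanceof OAuth2Error` rather than the message text.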