oauth2: parse RFC 6749 error response

Parse error response described in https://datatracker.ietf.org/doc/html/rfc6749#section-5.2 Handle unorthodox servers responding 200 in error case. Implements API changes in accepted proposal https://github.com/golang/go/issues/58125 Fixes #441 Fixes #274 Updates #173 Change-Id: If9399c3f952ac0501edbeefeb3a71ed057ca8d37 GitHub-Last-Rev: 0030e27422 GitHub-Pull-Request: golang/oauth2#610 Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/451076 Run-TryBot: Matt Hickford <matt.hickford@gmail.com> Run-TryBot: Damien Neil <dneil@google.com> Reviewed-by: Matt Hickford <matt.hickford@gmail.com> Reviewed-by: Damien Neil <dneil@google.com> Reviewed-by: Cody Oss <codyoss@google.com> TryBot-Result: Gopher Robot <gobot@golang.org>
2023-04-06 18:39:04 +00:00
parent 36075149c5
commit cfe200d5bb
3 changed files with 104 additions and 14 deletions
--- a/oauth2_test.go
+++ b/oauth2_test.go
@@ -484,6 +484,7 @@ func TestTokenRetrieveError(t *testing.T) {
 			t.Errorf("Unexpected token refresh request URL, %v is found.", r.URL)
 		}
 		w.Header().Set("Content-type", "application/json")
+		// "The authorization server responds with an HTTP 400 (Bad Request)" https://www.rfc-editor.org/rfc/rfc6749#section-5.2
 		w.WriteHeader(http.StatusBadRequest)
 		w.Write([]byte(`{"error": "invalid_grant"}`))
 	}))
@@ -493,15 +494,47 @@ func TestTokenRetrieveError(t *testing.T) {
 	if err == nil {
 		t.Fatalf("got no error, expected one")
 	}
-	_, ok := err.(*RetrieveError)
+	re, ok := err.(*RetrieveError)
 	if !ok {
 		t.Fatalf("got %T error, expected *RetrieveError; error was: %v", err, err)
 	}
-	// Test error string for backwards compatibility
-	expected := fmt.Sprintf("oauth2: cannot fetch token: %v\nResponse: %s", "400 Bad Request", `{"error": "invalid_grant"}`)
+	expected := `oauth2: "invalid_grant"`
 	if errStr := err.Error(); errStr != expected {
 		t.Fatalf("got %#v, expected %#v", errStr, expected)
 	}
+	expected = "invalid_grant"
+	if re.ErrorCode != expected {
+		t.Fatalf("got %#v, expected %#v", re.ErrorCode, expected)
+	}
+}
+
+// TestTokenRetrieveError200 tests handling of unorthodox server that returns 200 in error case
+func TestTokenRetrieveError200(t *testing.T) {
+	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if r.URL.String() != "/token" {
+			t.Errorf("Unexpected token refresh request URL, %v is found.", r.URL)
+		}
+		w.Header().Set("Content-type", "application/json")
+		w.Write([]byte(`{"error": "invalid_grant"}`))
+	}))
+	defer ts.Close()
+	conf := newConf(ts.URL)
+	_, err := conf.Exchange(context.Background(), "exchange-code")
+	if err == nil {
+		t.Fatalf("got no error, expected one")
+	}
+	re, ok := err.(*RetrieveError)
+	if !ok {
+		t.Fatalf("got %T error, expected *RetrieveError; error was: %v", err, err)
+	}
+	expected := `oauth2: "invalid_grant"`
+	if errStr := err.Error(); errStr != expected {
+		t.Fatalf("got %#v, expected %#v", errStr, expected)
+	}
+	expected = "invalid_grant"
+	if re.ErrorCode != expected {
+		t.Fatalf("got %#v, expected %#v", re.ErrorCode, expected)
+	}
 }

 func TestRefreshToken_RefreshTokenReplacement(t *testing.T) {