okta / okta-oidc-android

OIDC SDK for Android
https://github.com/okta/okta-oidc-android

Multiple Errors returned by the SDK have the same "Type" and "Code" #274

Closed OktaTiberiu closed 2 years ago

OktaTiberiu commented 2 years ago

Error types and codes are not implemented within the SDK, as we have seen multiple errors returning `"type":0,"code":0`.

Ex.:

  1. AuthorizationException: {"type":0,"code":0,"errorDescription":"Invalid status code 400 Bad Request"}
  2. AuthorizationException: {"type":0,"code":0,"errorDescription":"No refresh token found"}

Other than reading the description field, how can we differentiate between these two errors?

NikitaAvraimov-okta commented 2 years ago

Thank you for your concern, we will take a look how we can make error descriptions more useful.

NikitaAvraimov-okta commented 2 years ago

Internal ref OKTA-435834

thereallukesimpson commented 2 years ago

@NikitaAvraimov-okta Hi, this feedback was from me. I was advised by Fei a while ago that the SDK returns this generic "Invalid status code 400 Bad Request" instead of "TYPE_OAUTH_TOKEN_ERROR".

Please confirm whether this fix will address that as it is by far our biggest error. I'm concerned that issues other than token expiry are returning this 400 bad request, which we interpret as an expired token.

NikitaAvraimov-okta commented 2 years ago

@thereallukesimpson "TYPE_OAUTH_TOKEN_ERROR" is what we expect to respond with now.

frett commented 2 years ago

When refreshing tokens we are also getting the "Invalid status code 400" error instead of a more descriptive TYPE_OAUTH_TOKEN_ERROR error.

I traced the error to the usage of the asJson() function here. The asJson() function throws an error for any response code that is not a 2xx code. The OAuth spec specifies that the token endpoint should return a 400 response code when there is an error, and not a 2xx response.

thereallukesimpson commented 2 years ago

> @thereallukesimpson "TYPE_OAUTH_TOKEN_ERROR" is what we expect to respond with now

Hi @NikitaAvraimov-okta. Is there an upcoming release containing this fix?

JayNewstrom commented 2 years ago

The fix from #293 has been released.

thereallukesimpson commented 2 years ago

Hi @JayNewstrom and @NikitaAvraimov-okta. Can you please confirm both the error type and structure that will now be returned for the other ambiguous error listed above:

AuthorizationException: {"type":0,"code":0,"errorDescription":"No refresh token found"}

Also, can you please confirm that the structure of the error for TYPE_OAUTH_TOKEN_ERROR will now be the following, i.e. not nested:

AuthorizationException: {"type":2,"code":0,"errorDescription":"Expired refresh token"}

i.e.

AuthorizationException(
    AuthorizationException.TYPE_OAUTH_TOKEN_ERROR,
    0,
    null,
    "Expired refresh token",
    null,
    null
)

NikitaAvraimov-okta commented 2 years ago

@thereallukesimpson When the refresh token is non-existent (i.e. null) when trying to refresh it, the exception looks like:

AuthorizationException: {"type":0,"code":0,"errorDescription":"No refresh token found"}

For an invalid refresh token you will get:

AuthorizationException: {"type":2,"code":2002,"error":"invalid_grant","errorDescription":"The refresh token is invalid or expired."}
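As an added example that is not the SDK's own code, the following shows how a token-endpoint reply can be parsed per RFC 6749 section 5.2, so that a 400 carrying an OAuth error body becomes a typed error instead of the generic "Invalid status code 400", and the client decides on re-authentication from the type/code/error fields rather than the description string. The class and method names are hypothetical; the constant values mirror the exceptions quoted in this thread and are assumed to match the SDK's constants.

```java
import org.json.JSONException;
import org.json.JSONObject;

// Added example, not code from okta-oidc-android. Constant values mirror the
// exceptions quoted in the thread; equality with the SDK's constants is assumed.
public final class TokenResponseParser {
    static final int TYPE_GENERAL_ERROR = 0;
    static final int TYPE_OAUTH_TOKEN_ERROR = 2;
    static final int CODE_INVALID_GRANT = 2002;   // quoted above for error "invalid_grant"

    /** Structured outcome: tokens on success, otherwise type/code/error fields. */
    public static final class Result {
        public final JSONObject tokens;           // non-null only on success
        public final int type, code;
        public final String error;
        public final String errorDescription;

        Result(JSONObject tokens, int type, int code, String error, String description) {
            this.tokens = tokens; this.type = type; this.code = code;
            this.error = error; this.errorDescription = description;
        }

        /** Decide on the structured fields, never on the free-text description. */
        public boolean requiresReauthentication() {
            return tokens == null && type == TYPE_OAUTH_TOKEN_ERROR
                    && ("invalid_grant".equals(error) || code == CODE_INVALID_GRANT);
        }
    }

    public static Result parse(int status, String body) {
        try {
            if (status >= 200 && status < 300) {
                return new Result(new JSONObject(body), -1, 0, null, null);
            }
            if (status == 400) {                  // RFC 6749 5.2: error body, not 2xx
                JSONObject err = new JSONObject(body);
                String error = err.optString("error", null);
                if (error != null) {
                    int code = "invalid_grant".equals(error) ? CODE_INVALID_GRANT : 0;
                    return new Result(null, TYPE_OAUTH_TOKEN_ERROR, code, error,
                            err.optString("error_description", null));
                }
            }
        } catch (JSONException ignored) {
            // body was not JSON; fall through to the generic error
        }
        return new Result(null, TYPE_GENERAL_ERROR, 0, null, "Invalid status code " + status);
    }
}
```

A 400 whose body is not an OAuth error object (for example an HTML proxy page) still maps to TYPE_GENERAL_ERROR, so it is not mistaken for an expired refresh token.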