[chore] Improve unsupported_grant_type error (#1572)
This attempts to provide a slightly more comprehensive error message for the end user when an incorrect grant type is used. This is not something the user can typically resolve but should hopefully be informative for the (client) developer.
This commit is contained in:
parent
d550f0ecbe
commit
e4c5f9adfd
|
@ -20,6 +20,7 @@ package oauth
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
"net/http"
|
"net/http"
|
||||||
"strings"
|
"strings"
|
||||||
|
@ -28,7 +29,7 @@ import (
|
||||||
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
|
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
|
||||||
"github.com/superseriousbusiness/gotosocial/internal/log"
|
"github.com/superseriousbusiness/gotosocial/internal/log"
|
||||||
"github.com/superseriousbusiness/oauth2/v4"
|
"github.com/superseriousbusiness/oauth2/v4"
|
||||||
"github.com/superseriousbusiness/oauth2/v4/errors"
|
oautherr "github.com/superseriousbusiness/oauth2/v4/errors"
|
||||||
"github.com/superseriousbusiness/oauth2/v4/manage"
|
"github.com/superseriousbusiness/oauth2/v4/manage"
|
||||||
"github.com/superseriousbusiness/oauth2/v4/server"
|
"github.com/superseriousbusiness/oauth2/v4/server"
|
||||||
)
|
)
|
||||||
|
@ -56,7 +57,8 @@ const (
|
||||||
OOBTokenPath = "/oauth/oob" // #nosec G101 else we get a hardcoded credentials warning
|
OOBTokenPath = "/oauth/oob" // #nosec G101 else we get a hardcoded credentials warning
|
||||||
// HelpfulAdvice is a handy hint to users;
|
// HelpfulAdvice is a handy hint to users;
|
||||||
// particularly important during the login flow
|
// particularly important during the login flow
|
||||||
HelpfulAdvice = "If you arrived at this error during a login/oauth flow, please try clearing your session cookies and logging in again; if problems persist, make sure you're using the correct credentials"
|
HelpfulAdvice = "If you arrived at this error during a login/oauth flow, please try clearing your session cookies and logging in again; if problems persist, make sure you're using the correct credentials"
|
||||||
|
HelpfulAdviceGrant = "If you arrived at this error during a login/oauth flow, your client is trying to use an unsupported OAuth grant type. Supported grant types are: authorization_code, client_credentials; please reach out to developer of your client"
|
||||||
)
|
)
|
||||||
|
|
||||||
// Server wraps some oauth2 server functions in an interface, exposing only what is needed
|
// Server wraps some oauth2 server functions in an interface, exposing only what is needed
|
||||||
|
@ -102,12 +104,12 @@ func New(ctx context.Context, database db.Basic) Server {
|
||||||
}
|
}
|
||||||
|
|
||||||
srv := server.NewServer(sc, manager)
|
srv := server.NewServer(sc, manager)
|
||||||
srv.SetInternalErrorHandler(func(err error) *errors.Response {
|
srv.SetInternalErrorHandler(func(err error) *oautherr.Response {
|
||||||
log.Errorf(nil, "internal oauth error: %s", err)
|
log.Errorf(nil, "internal oauth error: %s", err)
|
||||||
return nil
|
return nil
|
||||||
})
|
})
|
||||||
|
|
||||||
srv.SetResponseErrorHandler(func(re *errors.Response) {
|
srv.SetResponseErrorHandler(func(re *oautherr.Response) {
|
||||||
log.Errorf(nil, "internal response error: %s", re.Error)
|
log.Errorf(nil, "internal response error: %s", re.Error)
|
||||||
})
|
})
|
||||||
|
|
||||||
|
@ -131,7 +133,11 @@ func (s *s) HandleTokenRequest(r *http.Request) (map[string]interface{}, gtserro
|
||||||
gt, tgr, err := s.server.ValidationTokenRequest(r)
|
gt, tgr, err := s.server.ValidationTokenRequest(r)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
help := fmt.Sprintf("could not validate token request: %s", err)
|
help := fmt.Sprintf("could not validate token request: %s", err)
|
||||||
return nil, gtserror.NewErrorBadRequest(err, help, HelpfulAdvice)
|
adv := HelpfulAdvice
|
||||||
|
if errors.Is(err, oautherr.ErrUnsupportedGrantType) {
|
||||||
|
adv = HelpfulAdviceGrant
|
||||||
|
}
|
||||||
|
return nil, gtserror.NewErrorBadRequest(err, help, adv)
|
||||||
}
|
}
|
||||||
|
|
||||||
ti, err := s.server.GetAccessToken(ctx, gt, tgr)
|
ti, err := s.server.GetAccessToken(ctx, gt, tgr)
|
||||||
|
|
Loading…
Reference in New Issue