Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Handle 400 errors from the authorization server #29

Open
uttarayan21 opened this issue Nov 12, 2021 · 3 comments
Open

Handle 400 errors from the authorization server #29

uttarayan21 opened this issue Nov 12, 2021 · 3 comments
Labels
enhancement New feature or request

Comments

@uttarayan21
Copy link

uttarayan21 commented Nov 12, 2021
edited
Loading

I was wondering if there is any way to handle custom status codes other than 200.

I get the redirect to callback_url with something like this

https://b5f6-45-251-234-73.ngrok.io/auth/instagram?code=AQBwRfNKQFHiv-X6m0-O8M9iLDrM-uVMwDcjYSyLRzIUeXylPVhu4V7qIZcEuT37yi21QtBjhiuvBAdi1g2jo_ddS68I3bIIcEddezdbsDo8GOLrxVVxupQpPKH5Fz6WaxGEbkzfUu9nhdiLy5Pa5Ri1sFm1GksUmK9jWRfHPfS73jgiL0jO45w91EQgR5kui3vHzchklRx-H_xDh9-YIb8i9ScdJsYXJZydBNZ5s4V9cA&state=3INTGxYIbi5lBu9ROTtUXw#_

but with 400 bad request.

So my question is, Is there any simple way to handle the 400 status code ?
@jebrosen
Copy link
Owner

It depends on when exactly the 400 is being returned. Is the 400 status code the one returned from Instagram, or did the TokenRequest guard fail and indicate a 400 response? The log should explain either case in more detail.

In case you do want or need to handle errors in the token exchange, you can use the Result request guard to "catch" the error instead:

#[get("/example")]
fn example_callback(token: Result<TokenResponse<GitHub>, rocket_oauth2::Error>, cookies: &CookieJar<'_>) -> Redirect { ... }

@jebrosen jebrosen added the question Further information is requested label Nov 17, 2021
@uttarayan21
Copy link
Author

uttarayan21 commented Nov 17, 2021
edited
Loading

Oh I see. I'll try that.
The 400 status code AFAIK is being sent by instagram.
I think it's indicated in the their docs somewhere but I can't find it right now but you can see here or here for stackoverflow questions regarding it.

This is the relevant part of the log.

GET /auth/instagram?code=AQDPOpOqCscv3vF6njUh4jNqu99wqMxKcH9kz9e384jNoTcesyGJLJ7h78nd3s6-d1R0RbXYO8CF3GQ5J_34CusAWzoDMrgRoJUVojlRwjJDNNOYvPz1AwNhi6KM6mE0rE63sSBMesuDOl-cIvFjlnpUto63L5RYy5C5d2pJBpcD6kmPiaYebe0I_ig_y8CddVs7AmLPhok90T6UJq1Ynlz6N3Zbb3JxJdOwYdYJ9T11og&state=JIsACzNC19Ezz2_EaqjliQ text/html:
   >> Matched: (instagram_callback) GET /auth/instagram
Warning: OAuth2 token exchange failed: token exchange returned non-success status code: 400
   >> `TokenResponse < Instagram >` request guard failed: Error { kind: ExchangeError(400), source: None }.
   >> Outcome: Failure
   >> No 400 catcher registered. Using Rocket default.
   >> Response succeeded.

@jebrosen
Copy link
Owner

Warning: OAuth2 token exchange failed: token exchange returned non-success status code: 400

Yeah, in this case it's Instagram responding with 400. I think you've actually stumbled on a long-unimplemented feature that I all but forgot: the authorization server can include a human-readable error description, but rocket_oauth2's default adapter does not attempt to read it. This looks like a more straightforward addition than I remember, so I'm going to repoen this issue to make it more visible.

@jebrosen jebrosen reopened this Nov 17, 2021
@jebrosen jebrosen added enhancement New feature or request and removed question Further information is requested labels Nov 17, 2021
@jebrosen jebrosen changed the title Handle custom status codes Handle 400 errors from the authorization server Nov 17, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jebrosen @uttarayan21