More Descriptive oauth Fetch Error Response Messaging #114

Open
matthewvolk opened this issue Nov 28, 2023 · 0 comments
Labels
enhancement New feature or request good first issue Good for newcomers

Comments

@matthewvolk (Owner)

Before parsing the OAuth response with oauthResponseSchema, we should first check oauthResponse.status to pass more useful error messaging to library consumers.

For example, if a consumer's redirect_uri is accidentally misconfigured, the code below throws an invalid access token response error instead of displaying a more useful redirect_uri_mismatch error.

// Token exchange as currently written: the response body is parsed as a
// success payload without first looking at the HTTP status.
// (`z` is the zod namespace; oauthConfig and authCallbackQuery are the
// validated config and callback query objects from the surrounding code.)
const oauthResponse = await fetch(`https://login.bigcommerce.com/oauth2/token`, {
  method: 'POST',
  headers: {
    accept: 'application/json',
    'content-type': 'application/json',
  },
  body: JSON.stringify({
    client_id: oauthConfig.data.clientId,
    client_secret: oauthConfig.data.clientSecret,
    code: authCallbackQuery.data.code,
    context: authCallbackQuery.data.context,
    scope: authCallbackQuery.data.scope,
    grant_type: 'authorization_code',
    redirect_uri: oauthConfig.data.authCallback,
  }),
});

// Expected shape of a successful token response.
const oauthResponseSchema = z.object({
  access_token: z.string(),
  scope: z.string(),
  user: z.object({
    id: z.number(),
    username: z.string(),
    email: z.string(),
  }),
  context: z.string(),
  account_uuid: z.string(),
});

// On a 400/403 the body has no access_token, so safeParse fails and the
// consumer only sees a generic "invalid access token response" error.
const accessTokenResponse = oauthResponseSchema.safeParse(await oauthResponse.json());

Error responses are returned as either a 400 Bad Request or 403 Forbidden and contain a JSON body with an error and optional error_description property:

Invalid client_id:

HTTP/1.1 400 Bad Request
Content-Type: application/json

{ "error": "Invalid client id." }

Invalid client_secret:

HTTP/1.1 400 Bad Request
Content-Type: application/json

{
  "error": "invalid_client",
  "error_description": "Parameter client_secret does not match"
}

Invalid code:

HTTP/1.1 400 Bad Request
Content-Type: application/json

{ "error": "Invalid code." }

Invalid context:

HTTP/1.1 403 Forbidden
Content-Type: application/json

{
  "error": "Only store owners may install or update apps. Please contact the store owner for assistance"
}

Invalid scope:

HTTP/1.1 400 Bad Request
Content-Type: application/json

{ "error": "Invalid scope(s)." }

Invalid grant_type:

HTTP/1.1 400 Bad Request
Content-Type: application/json

{
  "error": "unsupported_grant_type",
  "error_description": "The grant type authorization_codea is not recognized"
}

Invalid redirect_uri:

HTTP/1.1 400 Bad Request
Content-Type: application/json

{
  "error": "redirect_uri_mismatch",
  "error_description": "Parameter redirect_uri does not match registered URI"
}

Acceptance Criteria:

  • Log HTTP status code
  • Log HTTP status text
  • Log parsed JSON body
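The following is an added example (not code from this repository) of the status-first handling the issue asks for: classify the token response by HTTP status before validating it as a success payload, and carry the status code, status text and parsed JSON body (including error and error_description when present) into the error the consumer sees. It uses a hand-written shape check in place of the zod schema so it runs without dependencies; the response bodies used in the test are constructed from the examples listed in the issue.

```javascript
// Added example: surface descriptive OAuth token-endpoint errors.
// Not part of the project; `classifyOAuthResponse`, `OAuthFetchError` and
// `handleOAuthResponse` are names chosen here for illustration.

class OAuthFetchError extends Error {
  constructor(status, statusText, body) {
    // Prefer the error / error_description fields described in the issue;
    // fall back to the raw body for anything else (e.g. an HTML error page).
    const detail =
      body && typeof body === 'object'
        ? [body.error, body.error_description].filter(Boolean).join(': ')
        : String(body);
    super(`OAuth token request failed (${status} ${statusText}): ${detail}`);
    this.name = 'OAuthFetchError';
    this.status = status;
    this.statusText = statusText;
    this.body = body; // parsed JSON body, kept for logging by the caller
  }
}

// Minimal stand-in for oauthResponseSchema: checks the same fields/types.
function isAccessTokenResponse(json) {
  return (
    json !== null &&
    typeof json === 'object' &&
    typeof json.access_token === 'string' &&
    typeof json.scope === 'string' &&
    json.user !== null &&
    typeof json.user === 'object' &&
    typeof json.user.id === 'number' &&
    typeof json.user.username === 'string' &&
    typeof json.user.email === 'string' &&
    typeof json.context === 'string' &&
    typeof json.account_uuid === 'string'
  );
}

// Pure function so it can be unit-tested without a network:
// takes the status line pieces and the already-parsed body.
function classifyOAuthResponse(status, statusText, body) {
  // 1. Non-2xx: report the server's own error before touching the schema.
  if (status < 200 || status >= 300) {
    const err = new OAuthFetchError(status, statusText, body);
    return {
      ok: false,
      status,
      statusText,
      body,
      error: body && typeof body === 'object' ? body.error : undefined,
      errorDescription:
        body && typeof body === 'object' ? body.error_description : undefined,
      message: err.message,
    };
  }
  // 2. 2xx but not the shape we expect: still a failure, but say why.
  if (!isAccessTokenResponse(body)) {
    const synthetic = {
      error: 'invalid_access_token_response',
      error_description: 'Body did not match the expected access token shape',
    };
    const err = new OAuthFetchError(status, statusText, synthetic);
    return {
      ok: false,
      status,
      statusText,
      body,
      error: synthetic.error,
      errorDescription: synthetic.error_description,
      message: err.message,
    };
  }
  // 3. Success.
  return { ok: true, status, statusText, data: body };
}

// Convenience wrapper for a real fetch() Response: read text once, parse
// JSON defensively, then classify. Never logs the request body (it holds
// client_secret); only status, status text and the response body.
async function handleOAuthResponse(response) {
  const text = await response.text();
  let json;
  try {
    json = JSON.parse(text);
  } catch {
    json = text;
  }
  const result = classifyOAuthResponse(response.status, response.statusText, json);
  if (!result.ok) {
    console.error(result.status, result.statusText, result.body);
    throw new OAuthFetchError(result.status, result.statusText, result.body);
  }
  return result.data;
}

module.exports = { OAuthFetchError, classifyOAuthResponse, handleOAuthResponse };
```

With this in place, a misconfigured redirect_uri is reported as `400 Bad Request: redirect_uri_mismatch: Parameter redirect_uri does not match registered URI` instead of a schema failure, and the 403 "Only store owners may install or update apps" case (error only, no error_description) still produces a readable message.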
@matthewvolk matthewvolk added the good first issue Good for newcomers label Nov 28, 2023
@matthewvolk matthewvolk changed the title More Descriptive oauth Network Error Messaging More Descriptive oauth Fetch Error Response Messaging Nov 28, 2023
@matthewvolk matthewvolk added the enhancement New feature or request label Dec 6, 2023