fix: token error response handling

mozilla · Jul 15, 2022 · 86b0c50 · 86b0c50
1 parent 21ca7b8
commit 86b0c50
Showing 1 changed file with 16 additions and 1 deletion.
diff --git a/mozilla_django_oidc/auth.py b/mozilla_django_oidc/auth.py
@@ -18,6 +18,8 @@
 
 from mozilla_django_oidc.utils import absolutify, import_from_settings
 
+from requests.exceptions import HTTPError
+
 LOGGER = logging.getLogger(__name__)
 
 
@@ -229,9 +231,22 @@ def get_token(self, payload):
             verify=self.get_settings('OIDC_VERIFY_SSL', True),
             timeout=self.get_settings('OIDC_TIMEOUT', None),
             proxies=self.get_settings('OIDC_PROXY', None))
-        response.raise_for_status()
+        self.raise_token_response_error(response)
         return response.json()
 
+    def raise_token_response_error(self, response):
+        """Raises :class:`HTTPError`, if one occurred.
+        as per: https://datatracker.ietf.org/doc/html/rfc6749#section-5.2
+        """
+        # well behaved token endpoints should only return a 400 on errors 
+        if (response.status_code != 400):
+            return
+        # token response should be a json object per RFC6749
+        body = response.json()
+        http_error_msg = f"{response.status_code} Get Token Error: {body.error} for url: {response.url}"
+        raise HTTPError(http_error_msg, response=response)
+
+
     def get_userinfo(self, access_token, id_token, payload):
         """Return user details dictionary. The id_token and payload are not used in
         the default implementation, but may be used when overriding this method"""