From 86b0c50c641e650fd5039e71da27b49f91c8cf25 Mon Sep 17 00:00:00 2001
From: Darrel O'Pry
Date: Fri, 15 Jul 2022 14:28:27 -0400
Subject: [PATCH] fix: token error response handling
---
 mozilla_django_oidc/auth.py | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)
diff --git a/mozilla_django_oidc/auth.py b/mozilla_django_oidc/auth.py
index 54f89a8a..a738f9d5 100644
--- a/mozilla_django_oidc/auth.py
+++ b/mozilla_django_oidc/auth.py
@@ -18,6 +18,8 @@ from mozilla_django_oidc.utils import absolutify, import_from_settings
+from requests.exceptions import HTTPError
+
 LOGGER = logging.getLogger(__name__)
@@ -229,9 +231,22 @@ def get_token(self, payload):
 verify=self.get_settings('OIDC_VERIFY_SSL', True),
 timeout=self.get_settings('OIDC_TIMEOUT', None),
 proxies=self.get_settings('OIDC_PROXY', None))
- response.raise_for_status()
+ self.raise_token_response_error(response)
 return response.json()
+ def raise_token_response_error(self, response):
+ """Raises :class:`HTTPError`, if one occurred.
+ as per: https://datatracker.ietf.org/doc/html/rfc6749#section-5.2
+ """
+ # well behaved token endpoints should only return a 400 on errors
+ if (response.status_code != 400):
+ return
+ # token response should be a json object per RFC6749
+ body = response.json()
+ http_error_msg = f"{response.status_code} Get Token Error: {body.error} for url: {response.url}"
+ raise HTTPError(http_error_msg, response=response)
+
+
 def get_userinfo(self, access_token, id_token, payload):
 """Return user details dictionary. The id_token and payload are not used in the default implementation, but may be used when overriding this method"""
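Review bot: `body.error` in the new `raise_token_response_error` will raise AttributeError, because `response.json()` returns a dict for a JSON object, so the value has to be read with `body.get("error")`. The early return for every status other than 400 also drops the failure that `raise_for_status()` used to raise for 401 (which RFC 6749 section 5.2 permits for invalid_client) and for 5xx, so `get_token` goes on to call `response.json()` on an error body as if it were a token response. A 400 whose body is not a JSON object escapes as a ValueError instead of the HTTPError callers would expect. The version below keeps the descriptive message for a well-formed 400 and falls back to `raise_for_status()` in every other case; `get_token` itself starts outside the hunk.

```python
    def raise_token_response_error(self, response):
        # ... unchanged: docstring ...
        if response.status_code != 400:
            # 401 (invalid_client) and 5xx must still fail here, not later
            response.raise_for_status()
            return
        try:
            error = response.json().get("error", "unknown_error")
        except (ValueError, AttributeError):
            # body is not a JSON object: raise the generic HTTPError for the 400
            response.raise_for_status()
        http_error_msg = f"{response.status_code} Get Token Error: {error} for url: {response.url}"
        raise HTTPError(http_error_msg, response=response)
```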