Merge branch 'T705-oauth' into oauth-wrapper

5 years ago · ad5f72d8a4
parent af23e28d05 6bcc4cfa46
commit ad5f72d8a4
1 changed files with 10 additions and 0 deletions
--- a/oauth.go
+++ b/oauth.go
@ -26,6 +26,7 @@ type TokenResponse struct {
 	ExpiresIn    int    `json:"expires_in"`
 	RefreshToken string `json:"refresh_token"`
 	TokenType    string `json:"token_type"`
+	Error        string `json:"error"`
 }

 // InspectResponse contains data returned when an access token is inspected.
@ -113,11 +114,13 @@ func (h oauthHandler) viewOauthCallback(app *App, w http.ResponseWriter, r *http

 	err := h.DB.ValidateOAuthState(ctx, state)
 	if err != nil {
+		log.Error("Unable to ValidateOAuthState: %s", err)
 		return impart.HTTPError{http.StatusInternalServerError, err.Error()}
 	}

 	tokenResponse, err := h.exchangeOauthCode(ctx, code)
 	if err != nil {
+		log.Error("Unable to exchangeOauthCode: %s", err)
 		return impart.HTTPError{http.StatusInternalServerError, err.Error()}
 	}

@ -125,11 +128,13 @@ func (h oauthHandler) viewOauthCallback(app *App, w http.ResponseWriter, r *http
 	// it really really works.
 	tokenInfo, err := h.inspectOauthAccessToken(ctx, tokenResponse.AccessToken)
 	if err != nil {
+		log.Error("Unable to inspectOauthAccessToken: %s", err)
 		return impart.HTTPError{http.StatusInternalServerError, err.Error()}
 	}

 	localUserID, err := h.DB.GetIDForRemoteUser(ctx, tokenInfo.UserID)
 	if err != nil {
+		log.Error("Unable to GetIDForRemoteUser: %s", err)
 		return impart.HTTPError{http.StatusInternalServerError, err.Error()}
 	}

@ -213,6 +218,11 @@ func (h oauthHandler) exchangeOauthCode(ctx context.Context, code string) (*Toke
 	if err != nil {
 		return nil, err
 	}
+
+	// Check the response for an error message, and return it if there is one.
+	if tokenResponse.Error != "" {
+		return nil, fmt.Errorf(tokenResponse.Error)
+	}
 	return &tokenResponse, nil
 }