Merge pull request #174 from maciej-szlosarczyk/handle-403-coming-fro…

…m-auth0 Give implementer the choice about 403s coming from Auth0
achedeuzot · Aug 14, 2021 · 115cfb7 · 115cfb7
2 parents 6d444dc + 2f5515e
commit 115cfb7
Show file tree

Hide file tree

Showing 3 changed files with 32 additions and 20 deletions.
diff --git a/lib/ueberauth/strategy/auth0.ex b/lib/ueberauth/strategy/auth0.ex
@@ -129,23 +129,29 @@ defmodule Ueberauth.Strategy.Auth0 do
     module = option(conn, :oauth2_module)
     redirect_uri = callback_url(conn)
 
-    client =
+    result =
       apply(module, :get_token!, [
         [code: code, redirect_uri: redirect_uri],
         [otp_app: option(conn, :otp_app)]
       ])
 
-    token = client.token
-
-    if token.access_token == nil do
-      set_errors!(conn, [
-        error(
-          token.other_params["error"],
-          token.other_params["error_description"]
-        )
-      ])
-    else
-      fetch_user(conn, client, state)
+    case result do
+      {:ok, client} ->
+        token = client.token
+
+        if token.access_token == nil do
+          set_errors!(conn, [
+            error(
+              token.other_params["error"],
+              token.other_params["error_description"]
+            )
+          ])
+        else
+          fetch_user(conn, client, state)
+        end
+
+      {:error, client} ->
+        set_errors!(conn, [error(client.body["error"], client.body["error_description"])])
     end
   end
 

diff --git a/lib/ueberauth/strategy/auth0/oauth.ex b/lib/ueberauth/strategy/auth0/oauth.ex
@@ -97,7 +97,7 @@ defmodule Ueberauth.Strategy.Auth0.OAuth do
       |> Keyword.get(:client_options, [])
       |> Keyword.merge(otp_app: otp_app)
 
-    Client.get_token!(client(client_options), params, headers, opts)
+    Client.get_token(client(client_options), params, headers, opts)
   end
 
   # Strategy Callbacks

diff --git a/test/strategy/auth0_test.exs b/test/strategy/auth0_test.exs
@@ -166,18 +166,24 @@ defmodule Ueberauth.Strategy.Auth0Test do
     state = request_conn.private[:ueberauth_state_param]
 
     use_cassette "auth0-invalid-code", match_requests_on: [:query] do
-      assert_raise(OAuth2.Error, ~r/Server responded with status: 403.*/, fn ->
+      conn =
         :get
-        |> conn("/auth/auth0/callback",
-          id: "foo",
-          code: "invalid_code",
-          state: state
-        )
+        |> conn("/auth/auth0/callback", id: "foo", code: "invalid_code", state: state)
         |> Map.put(:cookies, request_conn.cookies)
         |> Map.put(:req_cookies, request_conn.req_cookies)
         |> Plug.Session.call(@session_options)
         |> SpecRouter.call(@router)
-      end)
+
+      auth = conn.assigns.ueberauth_failure
+
+      invalid_grant_error = %Ueberauth.Failure.Error{
+        message: "Invalid authorization code",
+        message_key: "invalid_grant"
+      }
+
+      assert auth.provider == :auth0
+      assert auth.strategy == Ueberauth.Strategy.Auth0
+      assert auth.errors == [invalid_grant_error]
     end
   end