Multiple Errors returned by the SDK have the same "Type" and "Code" #274

Closed
OktaTiberiu opened this issue Sep 16, 2021 · 9 comments

Comments

@OktaTiberiu

Error types and codes are not implemented within the SDK, as we have seen multiple errors returning "type":0,"code":0.

Ex:

  1. AuthorizationException: {"type":0,"code":0,"errorDescription":"Invalid status code 400 Bad Request"}
  2. AuthorizationException: {"type":0,"code":0,"errorDescription":"No refresh token found"}

Other than reading the description field, how can we differentiate between these two errors?

@NikitaAvraimov-okta
Contributor

Thank you for your concern, we will take a look at how we can make error descriptions more useful.

@NikitaAvraimov-okta
Contributor

Internal ref OKTA-435834

@thereallukesimpson

@NikitaAvraimov-okta Hi, this feedback was from me. I've been advised by Fei a while ago that the SDK returns this generic "Invalid status code 400 Bad Request" instead of "TYPE_OAUTH_TOKEN_ERROR".

Please confirm whether this fix will address that as it is by far our biggest error. I'm concerned that issues other than token expiry are returning this 400 bad request, which we interpret as an expired token.

@NikitaAvraimov-okta
Contributor

@thereallukesimpson "TYPE_OAUTH_TOKEN_ERROR" is what we expect to respond with now

@frett
Contributor

frett commented Nov 15, 2021

When refreshing tokens we are also getting the "Invalid status code 400" error instead of a more descriptive TYPE_OAUTH_TOKEN_ERROR error.

I traced the error to the usage of the asJson() function here. The asJson() function throws an error for any response code that is not a 2xx code. The OAuth spec specifies that the token endpoint should return a 400 response code when there is an error, and not a 2xx response.

@thereallukesimpson

> @thereallukesimpson "TYPE_OAUTH_TOKEN_ERROR" is what we expect to respond with now

Hi @NikitaAvraimov-okta. Is there an upcoming release containing this fix?

@JayNewstrom
Contributor

The fix from #293 has been released.

@thereallukesimpson

thereallukesimpson commented Jan 12, 2022

Hi @JayNewstrom and @NikitaAvraimov-okta. Can you please confirm both the error type and structure that will now be returned for the other ambiguous error listed above:

AuthorizationException: {"type":0,"code":0,"errorDescription":"No refresh token found"}

Also, can you please confirm that the structure of the error for TYPE_OAUTH_TOKEN_ERROR will now be the following, i.e. not nested:

AuthorizationException: {"type":2,"code":0,"errorDescription":"Expired refresh token"}

i.e.

AuthorizationException(
    AuthorizationException.TYPE_OAUTH_TOKEN_ERROR,
    0,
    null,
    "Expired refresh token",
    null,
    null
)

@NikitaAvraimov-okta
Contributor

NikitaAvraimov-okta commented Jan 14, 2022

@thereallukesimpson when the refresh token is non-existent, i.e. null, when trying to refresh it, the exception looks like:

AuthorizationException: {"type":0,"code":0,"errorDescription":"No refresh token found"}

For an invalid refresh token you will get:

AuthorizationException: {"type":2,"code":2002,"error":"invalid_grant","errorDescription":"The refresh token is invalid or expired."}
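
The behaviour discussed in this thread, as an added example that is not part of the thread or the SDK's code: a token-endpoint response handler that reads the RFC 6749 error body on a 400 before falling back to a generic error, so that only a confirmed `invalid_grant` is treated as a dead refresh token. It is written in Python at the protocol level; the function names, `TYPE_GENERIC` and the sample responses are assumptions of this example, and only the type values 0 and 2 and the `invalid_grant` code come from the thread.

```python
import json

# Type values as they appear in the thread's JSON: 0 on the generic errors,
# 2 on TYPE_OAUTH_TOKEN_ERROR. TYPE_GENERIC is this example's own name.
TYPE_GENERIC = 0
TYPE_OAUTH_TOKEN_ERROR = 2

class TokenError(Exception):
    def __init__(self, type_, error, description):
        super().__init__(description)
        self.type, self.error, self.description = type_, error, description

def parse_token_response(status, body):
    """Return the token payload on 2xx, otherwise raise a typed TokenError."""
    try:
        payload = json.loads(body)
    except ValueError:
        payload = None
    if 200 <= status < 300 and isinstance(payload, dict):
        return payload
    # RFC 6749 section 5.2: token errors arrive as HTTP 400 with a JSON "error"
    # member, so read the body before turning the status into an exception.
    if isinstance(payload, dict) and isinstance(payload.get("error"), str):
        raise TokenError(TYPE_OAUTH_TOKEN_ERROR, payload["error"],
                         payload.get("error_description", ""))
    raise TokenError(TYPE_GENERIC, None, f"Unexpected token response (HTTP {status})")

def needs_reauthentication(exc):
    """Only a server-confirmed invalid_grant means the refresh token is dead."""
    return exc.type == TYPE_OAUTH_TOKEN_ERROR and exc.error == "invalid_grant"

def classify(status, body):
    """Map a raw token-endpoint response to the action the app should take."""
    try:
        parse_token_response(status, body)
        return "ok"
    except TokenError as exc:
        return "reauthenticate" if needs_reauthentication(exc) else "retry_or_report"

# Constructed sample responses (not captured from a real server).
SAMPLES = [
    (200, '{"access_token": "constructed-token", "token_type": "Bearer"}'),
    (400, '{"error": "invalid_grant", "error_description": "The refresh token is invalid or expired."}'),
    (400, '{"error": "invalid_client", "error_description": "Client authentication failed."}'),
    (400, "<html>Bad Request</html>"),
]

if __name__ == "__main__":
    for status, body in SAMPLES:
        print(status, classify(status, body))
```

A 400 whose body is not an RFC 6749 error object stays a generic error here, which keeps unrelated failures from being handled as token expiry.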
