Fix OAuth2 user info credentials and add HTTP error handling.

2026-01-07 06:03:09 -06:00 · 2022-05-27 18:07:52 +02:00 · 2022-05-27 18:07:52 +02:00 · 6663882cf2
parent 43bac75c5f
commit 6663882cf2
2 changed files with 13 additions and 1 deletions
--- a/clientapi/auth/sso/oauth2.go
+++ b/clientapi/auth/sso/oauth2.go
@ -136,6 +136,10 @@ func (p *oauth2IdentityProvider) getAccessToken(ctx context.Context, callbackURL
 	}
 	defer hresp.Body.Close() // nolint:errcheck

+	if hresp.StatusCode/100 != 2 {
+		return "", fmt.Errorf("OAuth2 access token request %q failed: %d %s", p.accessTokenURL, hresp.StatusCode, hresp.Status)
+	}
+
 	var resp oauth2TokenResponse
 	if err := json.NewDecoder(hresp.Body).Decode(&resp); err != nil {
 		return "", err
@ -170,7 +174,7 @@ func (p *oauth2IdentityProvider) getUserInfo(ctx context.Context, accessToken st
 	if err != nil {
 		return "", "", "", err
 	}
-	hreq.Header.Set("Authorization", "token "+accessToken)
+	hreq.Header.Set("Authorization", "Bearer "+accessToken)
 	hreq.Header.Set("Accept", p.responseMimeType)

 	hresp, err := p.hc.Do(hreq)
@ -179,6 +183,10 @@ func (p *oauth2IdentityProvider) getUserInfo(ctx context.Context, accessToken st
 	}
 	defer hresp.Body.Close() // nolint:errcheck

+	if hresp.StatusCode/100 != 2 {
+		return "", "", "", fmt.Errorf("OAuth2 user info request %q failed: %d %s", p.userInfoURL, hresp.StatusCode, hresp.Status)
+	}
+
 	body, err := ioutil.ReadAll(hresp.Body)
 	if err != nil {
 		return "", "", "", err
--- a/clientapi/auth/sso/oidc.go
+++ b/clientapi/auth/sso/oidc.go
@ -138,6 +138,10 @@ func oidcDiscover(ctx context.Context, url string) (*oidcDiscovery, error) {
 	}
 	defer hresp.Body.Close() // nolint:errcheck

+	if hresp.StatusCode/100 != 2 {
+		return nil, fmt.Errorf("OIDC discovery request %q failed: %d %s", url, hresp.StatusCode, hresp.Status)
+	}
+
 	var disc oidcDiscovery
 	if err := json.NewDecoder(hresp.Body).Decode(&disc); err != nil {
 		return nil, fmt.Errorf("decoding OIDC discovery response from %q: %w", url, err)