makary/writefreely
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Check for error response in code exchange

Browse source 
This checks to see if we get a response with a populated `error` field
in exchangeOauthCode(). If so, we return that error message as an error,
to ensure the callback logic doesn't continue with a bad response.

Ref T705
This commit is contained in:
Matt Baer 2019-12-30 18:25:24 -05:00
parent 39d0f1de98
commit 6bcc4cfa46
1 changed files with 6 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
oauth.go
View file

@ -25,6 +25,7 @@ type TokenResponse struct {
ExpiresIn int `json:"expires_in"` ExpiresIn int `json:"expires_in"`
RefreshToken string `json:"refresh_token"` RefreshToken string `json:"refresh_token"`
TokenType string `json:"token_type"` TokenType string `json:"token_type"`
Error string `json:"error"`
} }
// InspectResponse contains data returned when an access token is inspected. // InspectResponse contains data returned when an access token is inspected.
@ -224,6 +225,11 @@ func (h oauthHandler) exchangeOauthCode(ctx context.Context, code string) (*Toke
if err != nil { if err != nil {
return nil, err return nil, err
} }
// Check the response for an error message, and return it if there is one.
if tokenResponse.Error != "" {
return nil, fmt.Errorf(tokenResponse.Error)
}
return &tokenResponse, nil return &tokenResponse, nil
} }