The error type AuthorizationRequestErrors.STATE_MISMATCH uses an incorrect error code #1105

Open
6 tasks done
raffaelgyr opened this issue Nov 18, 2024 · 0 comments

Checklist:

  • I am using the latest release
  • I searched for existing GitHub issues
  • I read the documentation
  • I verified the client configuration matches the information in the identity provider (or I am using dynamic client registration)
  • I am either using a custom URI scheme or https with App Links for client redirect.
  • I can reproduce the issue in the demo app (optional)

Configuration

  • Version: 0.11.1
  • Integration: Kotlin
  • Identity provider: Not sure but also not relevant for this bug.

Issue Description

The AuthorizationException.java file contains nested classes that represent the different types of errors that can be thrown by the AppAuth Android library. One of those types is AuthorizationRequestErrors and one of the subtypes of AuthorizationRequestErrors is STATE_MISMATCH. (here is a permalink to the relevant line of code.) AuthorizationRequestErrors are supposed to use error codes in the range 1000 to 1999 (at least if I understood the code comment on line 224 correctly) but AuthorizationRequestErrors.STATE_MISMATCH uses code 9. Also, all other errors in the AuthorizationRequestErrors class use the function authEx while AuthorizationRequestErrors.STATE_MISMATCH uses generalEx. AuthorizationRequestErrors.STATE_MISMATCH also isn't part of the AuthorizationRequestErrors.STRING_TO_EXCEPTION Map and therefore can't be returned by the AuthorizationRequestErrors.byString(String) function.
To make things even worse, there is another error type that also uses the code 9 and the function generalEx. That other error type is GeneralErrors.ID_TOKEN_VALIDATION_ERROR. And because of how the equals function is implemented for AuthorizationException, exceptions of these 2 different types would be considered equal.

All of the things mentioned above make it unnecessarily hard to correctly detect the error AuthorizationRequestErrors.STATE_MISMATCH. If possible I would like this error to either be removed or to be changed to make it easier to detect.

@raffaelgyr raffaelgyr added the bug label Nov 18, 2024
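
The collision reported above can be caught mechanically with an audit over the error constants. The following Java 16+ sketch is an added example, not code from the issue or from AppAuth: `Ex`, `audit`, the type ids and the `EXAMPLE_IN_RANGE` entry are hypothetical stand-ins that model only what the issue states (equality on type and code, a 1000 to 1999 range for request errors, and code 9 used twice via `generalEx`).

```java
import java.util.*;

// Stand-in model (assumption): mirrors only what the issue describes, not AppAuth's source.
public class ErrorCodeAudit {
    static final int TYPE_GENERAL = 0, TYPE_AUTH_REQUEST = 1; // constructed type ids

    record Ex(String name, int type, int code) {
        // Equality on (type, code) only, as the issue describes for AuthorizationException.
        @Override public boolean equals(Object o) {
            return o instanceof Ex e && e.type == type && e.code == code;
        }
        @Override public int hashCode() { return Objects.hash(type, code); }
    }

    static Ex generalEx(String name, int code) { return new Ex(name, TYPE_GENERAL, code); }
    static Ex authEx(String name, int code) { return new Ex(name, TYPE_AUTH_REQUEST, code); }

    // Checks each request error against the expected code range and against every
    // other known error; returns one human-readable finding per violation.
    static List<String> audit(List<Ex> requestErrors, List<Ex> others, int lo, int hi) {
        List<String> findings = new ArrayList<>();
        Map<Ex, String> seen = new HashMap<>();
        for (Ex e : others) seen.put(e, e.name());
        for (Ex e : requestErrors) {
            if (e.code() < lo || e.code() > hi)
                findings.add(e.name() + ": code " + e.code() + " outside " + lo + ".." + hi);
            // putIfAbsent uses equals()/hashCode(), so a hit means two constants are
            // indistinguishable to any caller that compares exceptions.
            String clash = seen.putIfAbsent(e, e.name());
            if (clash != null)
                findings.add(e.name() + ": equals() cannot tell it apart from " + clash);
        }
        return findings;
    }

    public static void main(String[] args) {
        List<Ex> request = List.of(
            authEx("AuthorizationRequestErrors.EXAMPLE_IN_RANGE", 1000), // constructed entry
            generalEx("AuthorizationRequestErrors.STATE_MISMATCH", 9));  // code 9, per the issue
        List<Ex> general = List.of(
            generalEx("GeneralErrors.ID_TOKEN_VALIDATION_ERROR", 9));    // code 9, per the issue
        audit(request, general, 1000, 1999).forEach(System.out::println);
    }
}
```

Run as a unit test over the real constants, a check of this shape would flag both the out-of-range code and the `equals` ambiguity before a caller has to distinguish a state mismatch from an ID token validation failure.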