attempt to parse token errors on refresh failures (#472)

bmc-msft · web-flow · commit 998bf604845e · 2021-11-01T09:11:49.000-04:00
diff --git a/sdk/identity/src/errors.rs b/sdk/identity/src/errors.rs
@@ -1,5 +1,6 @@
 //! Errors specific to identity services.
 use serde::{Deserialize, Serialize};
+use std::fmt;
 
 #[non_exhaustive]
 #[derive(Debug, thiserror::Error)]
@@ -39,3 +40,26 @@ pub(crate) enum ErrorResponse {
     /// An unrecognized error response from an identity service.
     GenericError { error_description: String },
 }
+
+/// Error Token
+#[derive(Debug, Clone, Deserialize)]
+pub struct ErrorToken {
+    error: String,
+    error_description: String,
+    error_codes: Vec<i64>,
+    timestamp: Option<String>,
+    trace_id: Option<String>,
+    correlation_id: Option<String>,
+    suberror: Option<String>,
+    claims: Option<String>,
+}
+
+impl fmt::Display for ErrorToken {
+    fn fmt(&self, f: &mut fmt::Formatter) -> Result<(), fmt::Error> {
+        writeln!(f, "error: {}", self.error)?;
+        if let Some(suberror) = &self.suberror {
+            writeln!(f, "suberror: {}", suberror)?;
+        }
+        writeln!(f, "description: {}", self.error_description)
+    }
+}
diff --git a/sdk/identity/src/refresh_token.rs b/sdk/identity/src/refresh_token.rs
@@ -1,6 +1,9 @@
 //! Refresh token utilities
 
-use crate::traits::{BearerToken, ExtExpiresIn, RefreshToken};
+use crate::{
+    errors::ErrorToken,
+    traits::{BearerToken, ExtExpiresIn, RefreshToken},
+};
 use log::debug;
 use oauth2::{AccessToken, ClientId, ClientSecret};
 use serde::Deserialize;
@@ -19,6 +22,8 @@ pub enum Error {
     DeserializeError(serde_json::Error),
     #[error("Error parsing url for refresh token: {0}")]
     ParseUrlError(url::ParseError),
+    #[error("Error requesting token: {0}")]
+    TokenError(ErrorToken),
 }
 
 /// Exchange a refresh token for a new access token and refresh token
@@ -59,9 +64,19 @@ pub async fn exchange(
         .text()
         .await
         .map_err(Error::TextError)?;
-    debug!("{}", ret);
 
-    Ok(ret.try_into().map_err(Error::DeserializeError)?)
+    debug!("refresh token response: {:?}", ret);
+
+    match serde_json::from_str::<RefreshTokenResponse>(&ret).map_err(Error::DeserializeError) {
+        Ok(r) => Ok(r),
+        Err(e) => {
+            if let Ok(token_error) = serde_json::from_str::<ErrorToken>(&ret) {
+                Err(Error::TokenError(token_error))
+            } else {
+                Err(e)
+            }
+        }
+    }
 }
 
 /// A refresh token
