Merge branch 'develop'

Author: Pascal Pfiffner

CONTRIBUTORS.md

@@ -3,6 +3,7 @@ Contributors
 
 Contributors to the codebase, in reverse chronological order:
 
+- Seb Skuse, @sebskuse
 - David Hardiman, @dhardiman
 - Amaury David, @amaurydavid
 - Lubbo, @lubbo

Sources/Base/OAuth2Base.swift

@@ -311,15 +311,17 @@ open class OAuth2Base: OAuth2Securable {
 	- returns: An OAuth2Error
 	*/
 	open func assureNoErrorInResponse(_ params: OAuth2JSON, fallback: String? = nil) throws {
-		
-		// "error_description" is optional, we prefer it if it's present
-		if let err_msg = params["error_description"] as? String, err_msg.count > 0 {
-			throw OAuth2Error.responseError(err_msg)
+		let err_code = params["error"] as? String
+		let err_msg = params["error_description"] as? String
+
+		// "error_description" is optional, we use it if it's present and code is not.
+		if let message = err_msg, message.count > 0 && (err_code?.isEmpty ?? true) {
+			throw OAuth2Error.responseError(message)
 		}
-		
+
 		// the "error" response is required for error responses, so it should be present
-		if let err_code = params["error"] as? String {
-			throw OAuth2Error.fromResponseError(err_code, fallback: fallback)
+		if let code = err_code, code.count > 0 {
+			throw OAuth2Error.fromResponseError(code, description: err_msg, fallback: fallback)
 		}
 	}
 

Sources/Base/OAuth2Error.swift

@@ -91,8 +91,8 @@ public enum OAuth2Error: Error, CustomStringConvertible, Equatable {
 	/// Unable to open the authorize URL.
 	case unableToOpenAuthorizeURL
 
-	/// The request is invalid.
-	case invalidRequest
+	/// The request is invalid. Passes the underlying error_description.
+	case invalidRequest(String?)
 
 	/// The request was canceled.
 	case requestCancelled
@@ -103,7 +103,7 @@ public enum OAuth2Error: Error, CustomStringConvertible, Equatable {
 	/// There was no token type in the response.
 	case noTokenType
 
-	/// The token type is not supported.
+	/// The token type is not supported. Passes the underlying error_description.
 	case unsupportedTokenType(String)
 
 	/// There was no data in the response.
@@ -130,30 +130,33 @@ public enum OAuth2Error: Error, CustomStringConvertible, Equatable {
 
 	// MARK: - OAuth2 errors
 
-	/// The client is unauthorized (HTTP status 401).
-	case unauthorizedClient
+	/// The client is unauthorized (HTTP status 401). Passes the underlying error_description.
+	case unauthorizedClient(String?)
 
 	/// The request was forbidden (HTTP status 403).
 	case forbidden
 
 	/// Username or password was wrong (HTTP status 403 on password grant).
 	case wrongUsernamePassword
 
-	/// Access was denied.
-	case accessDenied
+	/// Access was denied. Passes the underlying error_description.
+	case accessDenied(String?)
 
-	/// Response type is not supported.
-	case unsupportedResponseType
+	/// Response type is not supported. Passes the underlying error_description.
+	case unsupportedResponseType(String?)
 
-	/// Scope was invalid.
-	case invalidScope
+	/// Scope was invalid. Passes the underlying error_description.
+	case invalidScope(String?)
 
 	/// A 500 was thrown.
 	case serverError
 
-	/// The service is temporarily unavailable.
-	case temporarilyUnavailable
-	
+	/// The service is temporarily unavailable. Passes the underlying error_description.
+	case temporarilyUnavailable(String?)
+
+	/// Invalid grant. Passes the underlying error_description.
+	case invalidGrant(String?)
+
 	/// Other response error, as defined in its String.
 	case responseError(String)
 
@@ -162,27 +165,30 @@ public enum OAuth2Error: Error, CustomStringConvertible, Equatable {
 	Instantiate the error corresponding to the OAuth2 response code, if it is known.
 
 	- parameter code: The code, like "access_denied", that should be interpreted
+	- parameter description: The description provided in the response
 	- parameter fallback: The error string to use in case the error code is not known
 	- returns: An appropriate OAuth2Error
 	*/
-	public static func fromResponseError(_ code: String, fallback: String? = nil) -> OAuth2Error {
+	public static func fromResponseError(_ code: String, description: String? = nil, fallback: String? = nil) -> OAuth2Error {
 		switch code {
 		case "invalid_request":
-			return .invalidRequest
+			return .invalidRequest(description)
 		case "unauthorized_client":
-			return .unauthorizedClient
+			return .unauthorizedClient(description)
 		case "access_denied":
-			return .accessDenied
+			return .accessDenied(description)
 		case "unsupported_response_type":
-			return .unsupportedResponseType
+			return .unsupportedResponseType(description)
 		case "invalid_scope":
-			return .invalidScope
+			return .invalidScope(description)
 		case "server_error":
 			return .serverError
 		case "temporarily_unavailable":
-			return .temporarilyUnavailable
+			return .temporarilyUnavailable(description)
+		case "invalid_grant":
+			return .invalidGrant(description)
 		default:
-			return .responseError(fallback ?? "Authorization error: \(code)")
+			return .responseError(description ?? fallback ?? "Authorization error: \(code)")
 		}
 	}
 
@@ -253,22 +259,24 @@ public enum OAuth2Error: Error, CustomStringConvertible, Equatable {
 		case .utf8DecodeError:
 			return "Failed to decode given data as a UTF-8 string"
 
-		case .unauthorizedClient:
-			return "Unauthorized"
+		case .unauthorizedClient(let message):
+			return message ?? "Unauthorized"
 		case .forbidden:
 			return "Forbidden"
 		case .wrongUsernamePassword:
 			return "The username or password is incorrect"
-		case .accessDenied:
-			return "The resource owner or authorization server denied the request."
-		case .unsupportedResponseType:
-			return "The authorization server does not support obtaining an access token using this method."
-		case .invalidScope:
-			return "The requested scope is invalid, unknown, or malformed."
+		case .accessDenied(let message):
+			return message ?? "The resource owner or authorization server denied the request."
+		case .unsupportedResponseType(let message):
+			return message ?? "The authorization server does not support obtaining an access token using this method."
+		case .invalidScope(let message):
+			return message ?? "The requested scope is invalid, unknown, or malformed."
 		case .serverError:
 			return "The authorization server encountered an unexpected condition that prevented it from fulfilling the request."
-		case .temporarilyUnavailable:
-			return "The authorization server is currently unable to handle the request due to a temporary overloading or maintenance of the server."
+		case .temporarilyUnavailable(let message):
+			return message ?? "The authorization server is currently unable to handle the request due to a temporary overloading or maintenance of the server."
+		case .invalidGrant(let message):
+			return message ?? "The authorization grant or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client."
 		case .responseError(let message):
 			return message
 		}
@@ -309,14 +317,15 @@ public enum OAuth2Error: Error, CustomStringConvertible, Equatable {
 		case (.utf8EncodeError, .utf8EncodeError):                   return true
 		case (.utf8DecodeError, .utf8DecodeError):                   return true
 
-		case (.unauthorizedClient, .unauthorizedClient):             return true
+		case (.unauthorizedClient(let lhm), .unauthorizedClient(let rhm)):       return lhm == rhm
 		case (.forbidden, .forbidden):                               return true
 		case (.wrongUsernamePassword, .wrongUsernamePassword):       return true
-		case (.accessDenied, .accessDenied):                         return true
+		case (.accessDenied(let lhm), .accessDenied(let rhm)):                   return lhm == rhm
 		case (.unsupportedResponseType, .unsupportedResponseType):   return true
-		case (.invalidScope, .invalidScope):                         return true
+		case (.invalidScope(let lhm), .invalidScope(let rhm)):                   return lhm == rhm
 		case (.serverError, .serverError):                           return true
-		case (.temporarilyUnavailable, .temporarilyUnavailable):     return true
+		case (.temporarilyUnavailable(let lhm), .temporarilyUnavailable(let rhm)):     return lhm == rhm
+		case (.invalidGrant(let lhm), .invalidGrant(let rhm)):       return lhm == rhm
 		case (.responseError(let lhm), .responseError(let rhm)):     return lhm == rhm
 		default:                                                     return false
 		}

Sources/Base/OAuth2Response.swift

@@ -86,7 +86,7 @@ open class OAuth2Response {
 			throw error
 		}
 		else if 401 == response.statusCode {
-			throw OAuth2Error.unauthorizedClient
+			throw OAuth2Error.unauthorizedClient(nil)
 		}
 		else if 403 == response.statusCode {
 			throw OAuth2Error.forbidden

Sources/DataLoader/OAuth2DataLoader.swift

@@ -115,7 +115,7 @@ open class OAuth2DataLoader: OAuth2Requestable {
 		super.perform(request: request) { response in
 			do {
 				if self.alsoIntercept403, 403 == response.response.statusCode {
-					throw OAuth2Error.unauthorizedClient
+					throw OAuth2Error.unauthorizedClient(nil)
 				}
 				let _ = try response.responseData()
 				callback(response)

Tests/BaseTests/OAuth2Tests.swift

@@ -134,7 +134,7 @@ class OAuth2Tests: XCTestCase {
 
 	func testQueryParamConversion() {
 		let qry = OAuth2RequestParams.formEncodedQueryStringFor(["a": "AA", "b": "BB", "x": "yz"])
-		XCTAssertEqual(14, qry.characters.count, "Expecting a 14 character string")
+		XCTAssertEqual(14, qry.count, "Expecting a 14 character string")
 
 		let dict = OAuth2.params(fromQuery: qry)
 		XCTAssertEqual(dict["a"]!, "AA", "Must unpack `a`")
@@ -144,7 +144,7 @@ class OAuth2Tests: XCTestCase {
 
 	func testQueryParamEncoding() {
 		let qry = OAuth2RequestParams.formEncodedQueryStringFor(["uri": "https://api.io", "str": "a string: cool!", "num": "3.14159"])
-		XCTAssertEqual(60, qry.characters.count, "Expecting a 60 character string")
+		XCTAssertEqual(60, qry.count, "Expecting a 60 character string")
 
 		let dict = OAuth2.params(fromQuery: qry)
 		XCTAssertEqual(dict["uri"]!, "https://api.io", "Must correctly unpack `uri`")

Tests/FlowTests/OAuth2CodeGrantTests.swift

@@ -94,7 +94,7 @@ class OAuth2CodeGrantTests: XCTestCase {
 		XCTAssertNil(query["client_secret"], "Must not have `client_secret`")
 		XCTAssertEqual(query["response_type"]!, "code", "Expecting correct `response_type`")
 		XCTAssertEqual(query["redirect_uri"]!, "oauth2://callback", "Expecting correct `redirect_uri`")
-		XCTAssertTrue(8 == (query["state"]!).characters.count, "Expecting an auto-generated UUID for `state`")
+		XCTAssertTrue(8 == (query["state"]!).count, "Expecting an auto-generated UUID for `state`")
 	}
 
 	func testRedirectURI() {

Tests/FlowTests/OAuth2DynRegTests.swift

@@ -114,7 +114,7 @@ class OAuth2DynRegTests: XCTestCase {
 
 class OAuth2TestDynReg: OAuth2DynReg {
 	override func register(client: OAuth2, callback: @escaping ((OAuth2JSON?, OAuth2Error?) -> Void)) {
-		callback(nil, OAuth2Error.temporarilyUnavailable)
+		callback(nil, OAuth2Error.temporarilyUnavailable(nil))
 	}
 }
 

Tests/FlowTests/OAuth2ImplicitGrantTests.swift

@@ -80,7 +80,7 @@ class OAuth2ImplicitGrantTests: XCTestCase
 		oauth.didAuthorizeOrFail = { authParameters, error in
 			XCTAssertNil(authParameters, "Nil auth dict expected")
 			XCTAssertNotNil(error, "Error message expected")
-			XCTAssertEqual(error, OAuth2Error.accessDenied)
+			XCTAssertEqual(error, OAuth2Error.accessDenied(nil))
 			XCTAssertEqual(error?.description, "The resource owner or authorization server denied the request.")
 		}
 		oauth.handleRedirectURL(URL(string: "https://auth.ful.io#error=access_denied")!)