updateAccessToken() throw new ClientHandlerException() if non HTTP 200 code or accessTokenResponse is null

psytester · web-flow · commit 8ed7fd64aeea · 2018-02-22T10:57:07.000+01:00
There was no error indication in case the oAuth request get back a non HTTP 200 code, e.g. HTTP 400 / 401 / 403 / ....
diff --git a/src/main/java/com/docusign/esign/client/auth/OAuth.java b/src/main/java/com/docusign/esign/client/auth/OAuth.java
@@ -3,6 +3,8 @@
 import java.util.List;
 import java.util.Map;
 
+import javax.ws.rs.core.Response;
+
 import org.apache.oltu.oauth2.client.HttpClient;
 import org.apache.oltu.oauth2.client.OAuthClient;
 import org.apache.oltu.oauth2.client.request.OAuthClientRequest;
@@ -84,17 +86,28 @@ public synchronized void updateAccessToken() {
 		} catch (Exception e) {
 			throw new ClientHandlerException(e.getMessage(), e);
 		}
-		if (accessTokenResponse != null && accessTokenResponse.getAccessToken() != null) {
+		if (accessTokenResponse != null)
+		{
+			// FIXME: This does not work in case of non HTTP 200 :-( oauthClient needs to return the plain HTTP resonse
+			if (accessTokenResponse.getResponseCode() != Response.Status.OK.getStatusCode())
+			{
+				throw new ClientHandlerException("Error while requesting an access token, received HTTP code: " + accessTokenResponse.getResponseCode());
+			}
+		
 			if (accessTokenResponse.getAccessToken() == null) {
 				throw new ClientHandlerException("Error while requesting an access token. No 'access_token' found.");
 			}
 			if (accessTokenResponse.getExpiresIn() == null) {
 				throw new ClientHandlerException("Error while requesting an access token. No 'expires_in' found.");
 			}
+		
 			setAccessToken(accessTokenResponse.getAccessToken(), accessTokenResponse.getExpiresIn());
-			if (accessTokenListener != null) {
-				accessTokenListener.notify((BasicOAuthToken) accessTokenResponse.getOAuthToken());
+			if (this.accessTokenListener != null) {
+				this.accessTokenListener.notify((BasicOAuthToken)accessTokenResponse.getOAuthToken());
 			}
+		} else {
+			// in case of HTTP error codes accessTokenResponse is null, thus no check of accessTokenResponse.getResponseCode() possible :-(
+			throw new ClientHandlerException("Error while requesting an access token. No accessTokenResponse object recieved, maybe a non HTTP 200 received?");
 		}
 	}
 
