Refactoring OAuthErrors

geelen · geelen · commit e3307e576af1 · 2025-05-30T09:56:43.000+10:00
This makes it possible to parse them from JSON, using OAUTH_ERRORS
diff --git a/src/server/auth/errors.ts b/src/server/auth/errors.ts
@@ -4,12 +4,15 @@ import { OAuthErrorResponse } from "../../shared/auth.js";
  * Base class for all OAuth errors
  */
 export class OAuthError extends Error {
+  static errorCode: string;
+  public errorCode: string;
+
   constructor(
-    public readonly errorCode: string,
     message: string,
     public readonly errorUri?: string
   ) {
     super(message);
+    this.errorCode = (this.constructor as typeof OAuthError).errorCode
     this.name = this.constructor.name;
   }
 
@@ -36,19 +39,15 @@ export class OAuthError extends Error {
  * or is otherwise malformed.
  */
 export class InvalidRequestError extends OAuthError {
-  constructor(message: string, errorUri?: string) {
-    super("invalid_request", message, errorUri);
-  }
+  static errorCode = "invalid_request";
 }
 
 /**
  * Invalid client error - Client authentication failed (e.g., unknown client, no client
  * authentication included, or unsupported authentication method).
  */
 export class InvalidClientError extends OAuthError {
-  constructor(message: string, errorUri?: string) {
-    super("invalid_client", message, errorUri);
-  }
+  static errorCode = "invalid_client";
 }
 
 /**
@@ -57,135 +56,139 @@ export class InvalidClientError extends OAuthError {
  * authorization request, or was issued to another client.
  */
 export class InvalidGrantError extends OAuthError {
-  constructor(message: string, errorUri?: string) {
-    super("invalid_grant", message, errorUri);
-  }
+  static errorCode = "invalid_grant";
 }
 
 /**
  * Unauthorized client error - The authenticated client is not authorized to use
  * this authorization grant type.
  */
 export class UnauthorizedClientError extends OAuthError {
-  constructor(message: string, errorUri?: string) {
-    super("unauthorized_client", message, errorUri);
-  }
+  static errorCode = "unauthorized_client";
 }
 
 /**
  * Unsupported grant type error - The authorization grant type is not supported
  * by the authorization server.
  */
 export class UnsupportedGrantTypeError extends OAuthError {
-  constructor(message: string, errorUri?: string) {
-    super("unsupported_grant_type", message, errorUri);
-  }
+  static errorCode = "unsupported_grant_type";
 }
 
 /**
  * Invalid scope error - The requested scope is invalid, unknown, malformed, or
  * exceeds the scope granted by the resource owner.
  */
 export class InvalidScopeError extends OAuthError {
-  constructor(message: string, errorUri?: string) {
-    super("invalid_scope", message, errorUri);
-  }
+  static errorCode = "invalid_scope";
 }
 
 /**
  * Access denied error - The resource owner or authorization server denied the request.
  */
 export class AccessDeniedError extends OAuthError {
-  constructor(message: string, errorUri?: string) {
-    super("access_denied", message, errorUri);
-  }
+  static errorCode = "access_denied";
 }
 
 /**
  * Server error - The authorization server encountered an unexpected condition
  * that prevented it from fulfilling the request.
  */
 export class ServerError extends OAuthError {
-  constructor(message: string, errorUri?: string) {
-    super("server_error", message, errorUri);
-  }
+  static errorCode = "server_error";
 }
 
 /**
  * Temporarily unavailable error - The authorization server is currently unable to
  * handle the request due to a temporary overloading or maintenance of the server.
  */
 export class TemporarilyUnavailableError extends OAuthError {
-  constructor(message: string, errorUri?: string) {
-    super("temporarily_unavailable", message, errorUri);
-  }
+  static errorCode = "temporarily_unavailable";
 }
 
 /**
  * Unsupported response type error - The authorization server does not support
  * obtaining an authorization code using this method.
  */
 export class UnsupportedResponseTypeError extends OAuthError {
-  constructor(message: string, errorUri?: string) {
-    super("unsupported_response_type", message, errorUri);
-  }
+  static errorCode = "unsupported_response_type";
 }
 
 /**
  * Unsupported token type error - The authorization server does not support
  * the requested token type.
  */
 export class UnsupportedTokenTypeError extends OAuthError {
-  constructor(message: string, errorUri?: string) {
-    super("unsupported_token_type", message, errorUri);
-  }
+  static errorCode = "unsupported_token_type";
 }
 
 /**
  * Invalid token error - The access token provided is expired, revoked, malformed,
  * or invalid for other reasons.
  */
 export class InvalidTokenError extends OAuthError {
-  constructor(message: string, errorUri?: string) {
-    super("invalid_token", message, errorUri);
-  }
+  static errorCode = "invalid_token";
 }
 
 /**
  * Method not allowed error - The HTTP method used is not allowed for this endpoint.
  * (Custom, non-standard error)
  */
 export class MethodNotAllowedError extends OAuthError {
-  constructor(message: string, errorUri?: string) {
-    super("method_not_allowed", message, errorUri);
-  }
+  static errorCode = "method_not_allowed";
 }
 
 /**
  * Too many requests error - Rate limit exceeded.
  * (Custom, non-standard error based on RFC 6585)
  */
 export class TooManyRequestsError extends OAuthError {
-  constructor(message: string, errorUri?: string) {
-    super("too_many_requests", message, errorUri);
-  }
+  static errorCode = "too_many_requests";
 }
 
 /**
  * Invalid client metadata error - The client metadata is invalid.
  * (Custom error for dynamic client registration - RFC 7591)
  */
 export class InvalidClientMetadataError extends OAuthError {
-  constructor(message: string, errorUri?: string) {
-    super("invalid_client_metadata", message, errorUri);
-  }
+  static errorCode = "invalid_client_metadata";
 }
 
 /**
  * Insufficient scope error - The request requires higher privileges than provided by the access token.
  */
 export class InsufficientScopeError extends OAuthError {
-  constructor(message: string, errorUri?: string) {
-    super("insufficient_scope", message, errorUri);
+  static errorCode = "insufficient_scope";
+}
+
+/**
+ * A utility class for defining one-off error codes
+ */
+export class CustomOAuthError extends OAuthError {
+  constructor(errorCode: string, message: string, errorUri?: string) {
+    super(message, errorUri);
+    this.errorCode = errorCode
   }
 }
+
+/**
+ * A full list of all OAuthErrors, enabling parsing from error responses
+ */
+export const OAUTH_ERRORS = {
+  [InvalidRequestError.errorCode]: InvalidRequestError,
+  [InvalidClientError.errorCode]: InvalidClientError,
+  [InvalidGrantError.errorCode]: InvalidGrantError,
+  [UnauthorizedClientError.errorCode]: UnauthorizedClientError,
+  [UnsupportedGrantTypeError.errorCode]: UnsupportedGrantTypeError,
+  [InvalidScopeError.errorCode]: InvalidScopeError,
+  [AccessDeniedError.errorCode]: AccessDeniedError,
+  [ServerError.errorCode]: ServerError,
+  [TemporarilyUnavailableError.errorCode]: TemporarilyUnavailableError,
+  [UnsupportedResponseTypeError.errorCode]: UnsupportedResponseTypeError,
+  [UnsupportedTokenTypeError.errorCode]: UnsupportedTokenTypeError,
+  [InvalidTokenError.errorCode]: InvalidTokenError,
+  [MethodNotAllowedError.errorCode]: MethodNotAllowedError,
+  [TooManyRequestsError.errorCode]: TooManyRequestsError,
+  [InvalidClientMetadataError.errorCode]: InvalidClientMetadataError,
+  [InsufficientScopeError.errorCode]: InsufficientScopeError,
+} as const;
diff --git a/src/server/auth/middleware/bearerAuth.test.ts b/src/server/auth/middleware/bearerAuth.test.ts
@@ -1,7 +1,7 @@
 import { Request, Response } from "express";
 import { requireBearerAuth } from "./bearerAuth.js";
 import { AuthInfo } from "../types.js";
-import { InsufficientScopeError, InvalidTokenError, OAuthError, ServerError } from "../errors.js";
+import { CustomOAuthError, InsufficientScopeError, InvalidTokenError, ServerError } from "../errors.js";
 import { OAuthServerProvider } from "../provider.js";
 import { OAuthRegisteredClientsStore } from "../clients.js";
 
@@ -59,7 +59,7 @@ describe("requireBearerAuth middleware", () => {
     expect(mockResponse.status).not.toHaveBeenCalled();
     expect(mockResponse.json).not.toHaveBeenCalled();
   });
-  
+
   it("should reject expired tokens", async () => {
     const expiredAuthInfo: AuthInfo = {
       token: "expired-token",
@@ -87,7 +87,7 @@ describe("requireBearerAuth middleware", () => {
     );
     expect(nextFunction).not.toHaveBeenCalled();
   });
-  
+
   it("should accept non-expired tokens", async () => {
     const nonExpiredAuthInfo: AuthInfo = {
       token: "valid-token",
@@ -274,7 +274,7 @@ describe("requireBearerAuth middleware", () => {
       authorization: "Bearer valid-token",
     };
 
-    mockVerifyAccessToken.mockRejectedValue(new OAuthError("custom_error", "Some OAuth error"));
+    mockVerifyAccessToken.mockRejectedValue(new CustomOAuthError("custom_error", "Some OAuth error"));
 
     const middleware = requireBearerAuth({ provider: mockProvider });
     await middleware(mockRequest as Request, mockResponse as Response, nextFunction);
