libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases 1 Packages Activity Actions

KEYCLOAK-3220 Improve error handling on adapters

Browse source
This commit is contained in:
mposolda 2016-07-14 23:55:27 +02:00
parent dcc4ea3aea
commit 13a21e5fda
5 changed files with 31 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
adapters/oidc/js/src/main/resources/keycloak.js
View file

@ -103,8 +103,8 @@
initPromise.promise.success(function() {
kc.onReady && kc.onReady(kc.authenticated);
promise.setSuccess(kc.authenticated);
}).error(function() {
promise.setError();
}).error(function(errorData) {
promise.setError(errorData);
});
var configPromise = loadConfig(config);
@ -462,8 +462,9 @@
if (error) {
if (prompt != 'none') {
kc.onAuthError && kc.onAuthError();
promise && promise.setError();
var errorData = { error: error, error_description: oauth.error_description };
kc.onAuthError && kc.onAuthError(errorData);
promise && promise.setError(errorData);
} else {
promise && promise.setSuccess();
}
@ -1154,7 +1155,7 @@
}
var handleQueryParam = function(paramName, paramValue, oauth) {
var supportedOAuthParams = [ 'code', 'error', 'state' ];
var supportedOAuthParams = [ 'code', 'state', 'error', 'error_description' ];
for (var i = 0 ; i< supportedOAuthParams.length ; i++) {
if (paramName === supportedOAuthParams[i]) {

6
examples/demo-template/customer-app-js/src/main/webapp/customers/view.html
View file

@ -97,7 +97,11 @@ User <b id="subject"></b> made this request.
});
}
keycloak.init({ onLoad: 'login-required' }).success(reloadData);
keycloak.init({ onLoad: 'login-required' })
.success(reloadData)
.error(function(errorData) {
document.getElementById('customers').innerHTML = '<b>Failed to load data. Error: ' + JSON.stringify(errorData) + '</b>';
});
</script>

4
examples/js-console/src/main/webapp/index.html
View file

@ -110,8 +110,8 @@
event('Auth Success');
};
keycloak.onAuthError = function () {
event('Auth Error');
keycloak.onAuthError = function (errorData) {
event("Auth Error: " + JSON.stringify(errorData) );
};
keycloak.onAuthRefreshSuccess = function () {

7
services/src/main/java/org/keycloak/protocol/oidc/endpoints/AuthorizationEndpoint.java
View file

@ -265,6 +265,7 @@ public class AuthorizationEndpoint extends AuthorizationEndpointBase {
OIDCResponseMode defaultResponseMode = client.isImplicitFlowEnabled() ? OIDCResponseMode.FRAGMENT : OIDCResponseMode.QUERY;
if (responseType == null) {
logger.missingParameter(OAuth2Constants.RESPONSE_TYPE);
event.error(Errors.INVALID_REQUEST);
return redirectErrorToClient(defaultResponseMode, OAuthErrorException.INVALID_REQUEST, "Missing parameter: response_type");
}
@ -277,7 +278,7 @@ public class AuthorizationEndpoint extends AuthorizationEndpointBase {
action = Action.CODE;
}
} catch (IllegalArgumentException iae) {
logger.error(iae);
logger.error(iae.getMessage());
event.error(Errors.INVALID_REQUEST);
return redirectErrorToClient(defaultResponseMode, OAuthErrorException.UNSUPPORTED_RESPONSE_TYPE, null);
}
@ -286,6 +287,7 @@ public class AuthorizationEndpoint extends AuthorizationEndpointBase {
try {
parsedResponseMode = OIDCResponseMode.parse(responseMode, parsedResponseType);
} catch (IllegalArgumentException iae) {
logger.invalidParameter(OIDCLoginProtocol.RESPONSE_MODE_PARAM);
event.error(Errors.INVALID_REQUEST);
return redirectErrorToClient(defaultResponseMode, OAuthErrorException.INVALID_REQUEST, "Invalid parameter: response_mode");
}
@ -294,16 +296,19 @@ public class AuthorizationEndpoint extends AuthorizationEndpointBase {
// Disallowed by OIDC specs
if (parsedResponseType.isImplicitOrHybridFlow() && parsedResponseMode == OIDCResponseMode.QUERY) {
logger.responseModeQueryNotAllowed();
event.error(Errors.INVALID_REQUEST);
return redirectErrorToClient(defaultResponseMode, OAuthErrorException.INVALID_REQUEST, "Response_mode 'query' not allowed for implicit or hybrid flow");
}
if ((parsedResponseType.hasResponseType(OIDCResponseType.CODE) || parsedResponseType.hasResponseType(OIDCResponseType.NONE)) && !client.isStandardFlowEnabled()) {
logger.flowNotAllowed("Standard");
event.error(Errors.NOT_ALLOWED);
return redirectErrorToClient(parsedResponseMode, OAuthErrorException.UNSUPPORTED_RESPONSE_TYPE, "Client is not allowed to initiate browser login with given response_type. Standard flow is disabled for the client.");
}
if (parsedResponseType.isImplicitOrHybridFlow() && !client.isImplicitFlowEnabled()) {
logger.flowNotAllowed("Implicit");
event.error(Errors.NOT_ALLOWED);
return redirectErrorToClient(parsedResponseMode, OAuthErrorException.UNSUPPORTED_RESPONSE_TYPE, "Client is not allowed to initiate browser login with given response_type. Implicit flow is disabled for the client.");
}

12
services/src/main/java/org/keycloak/services/ServicesLogger.java
View file

@ -409,4 +409,16 @@ public interface ServicesLogger extends BasicLogger {
@Message(id=91, value="Request is missing scope 'openid' so it's not treated as OIDC, but just pure OAuth2 request. This can have impact in future versions (eg. removed IDToken from the Token Response)")
@Once
void oidcScopeMissing();
@LogMessage(level = ERROR)
@Message(id=92, value="Missing parameter: %s")
void missingParameter(String paramName);
@LogMessage(level = ERROR)
@Message(id=93, value="Invalid parameter value for: %s")
void invalidParameter(String paramName);
@LogMessage(level = ERROR)
@Message(id=94, value="Client is not allowed to initiate browser login with given response_type. %s flow is disabled for the client.")
void flowNotAllowed(String flowName);
}