KEYCLOAK-16947 add error parameters to access token response & improve logging

2021-01-28 08:54:19 +01:00 · 2021-01-28 08:54:19 +01:00 · f66354a80e
commit f66354a80e
parent 95bf912dc9
3 changed files with 37 additions and 2 deletions
--- a/core/src/main/java/org/keycloak/representations/AccessTokenResponse.java
+++ b/core/src/main/java/org/keycloak/representations/AccessTokenResponse.java
@ -61,6 +61,15 @@ public class AccessTokenResponse {
    @JsonProperty("scope")
    protected String scope;

+    @JsonProperty("error")
+    protected String error;
+
+    @JsonProperty("error_description")
+    protected String errorDescription;
+
+    @JsonProperty("error_uri")
+    protected String errorUri;
+
    public String getScope() {
        return scope;
    }
@ -143,4 +152,28 @@ public class AccessTokenResponse {
        otherClaims.put(name, value);
    }

+    public String getError() {
+        return error;
+    }
+
+    public void setError(String error) {
+        this.error = error;
+    }
+
+    public String getErrorDescription() {
+        return errorDescription;
+    }
+
+    public void setErrorDescription(String errorDescription) {
+        this.errorDescription = errorDescription;
+    }
+
+    public String getErrorUri() {
+        return errorUri;
+    }
+
+    public void setErrorUri(String errorUri) {
+        this.errorUri = errorUri;
+    }
+
 }
--- a/services/src/main/java/org/keycloak/broker/oidc/OIDCIdentityProvider.java
+++ b/services/src/main/java/org/keycloak/broker/oidc/OIDCIdentityProvider.java
@ -518,7 +518,9 @@ public class OIDCIdentityProvider extends AbstractOAuth2IdentityProvider<OIDCIde
        String accessToken = tokenResponse.getToken();

        if (accessToken == null) {
-            throw new IdentityBrokerException("No access_token from server.");
+            throw new IdentityBrokerException("No access_token from server. error='" + tokenResponse.getError() +
+                    "', error_description='" + tokenResponse.getErrorDescription() +
+                    "', error_uri='" + tokenResponse.getErrorUri() + "'");
        }
        return accessToken;
    }
--- a/testsuite/integration-arquillian/test-apps/servlets/src/main/java/org/keycloak/testsuite/adapter/servlet/LinkAndExchangeServlet.java
+++ b/testsuite/integration-arquillian/test-apps/servlets/src/main/java/org/keycloak/testsuite/adapter/servlet/LinkAndExchangeServlet.java
@ -118,7 +118,7 @@ public class LinkAndExchangeServlet extends HttpServlet {
            String linkUrl = null;
            try {
                AccessTokenResponse response = doTokenExchange(realm, tokenString, provider,  clientId, "password");
-                String error = (String)response.getOtherClaims().get("error");
+                String error = response.getError();
                if (error != null) {
                    System.out.println("*** error : " + error);
                    System.out.println("*** link-url: " + response.getOtherClaims().get("account-link-url"));