Improve api based auth error handling

janakamarasena · Nov 9, 2023 · 62e41b9 · 62e41b9
1 parent d1f3c6e
commit 62e41b9
Show file tree

Hide file tree

Showing 4 changed files with 92 additions and 27 deletions.
diff --git a/.../org/wso2/carbon/identity/application/authentication/framework/AuthenticationService.java b/.../org/wso2/carbon/identity/application/authentication/framework/AuthenticationService.java
@@ -139,35 +139,80 @@ private void handleSuccessAuthResponse(AuthServiceRequestWrapper request, AuthSe
  private void handleFailedAuthResponse(AuthServiceRequestWrapper request, AuthServiceResponseWrapper response,
  AuthServiceResponse authServiceResponse) throws AuthServiceException {
 
- String errorCode = null;
- String errorMessage = null;
  if (request.isAuthFlowConcluded()) {
- authServiceResponse.setSessionDataKey(request.getSessionDataKey());
- authServiceResponse.setFlowStatus(AuthServiceConstants.FlowStatus.FAIL_COMPLETED);
- AuthenticationResult authenticationResult = getAuthenticationResult(request);
- if (authenticationResult != null) {
- errorCode = (String) authenticationResult.getProperty(FrameworkConstants.AUTH_ERROR_CODE);
- errorMessage = (String) authenticationResult.getProperty(FrameworkConstants.AUTH_ERROR_MSG);
- }
+ handleFailedConcludedAuthResponse(request, authServiceResponse);
  } else {
- authServiceResponse.setSessionDataKey(request.getSessionDataKey());
- authServiceResponse.setFlowStatus(AuthServiceConstants.FlowStatus.FAIL_INCOMPLETE);
- List<AuthenticatorData> authenticatorDataList = request.getAuthInitiationData();
- AuthServiceResponseData responseData = new AuthServiceResponseData(authenticatorDataList);
- authServiceResponse.setData(responseData);
- errorCode = getErrorCode(response);
- errorMessage = getErrorMessage(response);
+ handleFailedIncompleteAuthResponse(request, response, authServiceResponse);
+ }
+ }
+
+ private void handleFailedConcludedAuthResponse(AuthServiceRequestWrapper request,
+ AuthServiceResponse authServiceResponse) {
+
+ String errorCode = AuthServiceConstants.ErrorMessage.ERROR_AUTHENTICATION_FAILURE.code();
+ String errorMessage = AuthServiceConstants.ErrorMessage.ERROR_AUTHENTICATION_FAILURE.message();
+ String errorDescription = AuthServiceConstants.ErrorMessage.ERROR_AUTHENTICATION_FAILURE.description();
+ String internalErrorCode = null;
+ String internalErrorMessage = null;
+
+ authServiceResponse.setSessionDataKey(request.getSessionDataKey());
+ authServiceResponse.setFlowStatus(AuthServiceConstants.FlowStatus.FAIL_COMPLETED);
+ AuthenticationResult authenticationResult = getAuthenticationResult(request);
+ if (authenticationResult != null) {
+ internalErrorCode = (String) authenticationResult.getProperty(FrameworkConstants.AUTH_ERROR_CODE);
+ internalErrorMessage = (String) authenticationResult.getProperty(FrameworkConstants.AUTH_ERROR_MSG);
+ }
+
+ String errorMsgBuilder = StringUtils.EMPTY;
+ if (StringUtils.isNotBlank(internalErrorCode)) {
+ errorMsgBuilder = internalErrorCode;
+ }
+
+ if (StringUtils.isNotBlank(internalErrorMessage)) {
+ if (StringUtils.isNotBlank(errorMsgBuilder)) {
+ errorMsgBuilder = errorMsgBuilder + AuthServiceConstants.INTERNAL_ERROR_MSG_SEPARATOR
+ + internalErrorMessage;
+ } else if (StringUtils.isBlank(errorMsgBuilder)) {
+ errorMsgBuilder = internalErrorMessage;
+ }
+ }
+
+ /*If there is an error message and an error code provided from the authentication framework then the
+ final error message will be set as "<internal errorCode> - <internal errorMessage>".
+ This is done to preserve the error details while sending out a standard error response.*/
+ if (StringUtils.isNotBlank(errorMsgBuilder)) {
+ errorMessage = errorMsgBuilder;
  }
 
+ AuthServiceErrorInfo errorInfo = new AuthServiceErrorInfo(errorCode, errorMessage, errorDescription);
+ authServiceResponse.setErrorInfo(errorInfo);
+ }
+
+ private void handleFailedIncompleteAuthResponse(AuthServiceRequestWrapper request, AuthServiceResponseWrapper
+ response, AuthServiceResponse authServiceResponse) throws AuthServiceException {
+
+ String errorCode;
+ String errorMessage;
+ String errorDescription = AuthServiceConstants.ErrorMessage.
+ ERROR_AUTHENTICATION_FAILURE_RETRY_AVAILABLE.description();
+
+ authServiceResponse.setSessionDataKey(request.getSessionDataKey());
+ authServiceResponse.setFlowStatus(AuthServiceConstants.FlowStatus.FAIL_INCOMPLETE);
+ List<AuthenticatorData> authenticatorDataList = request.getAuthInitiationData();
+ AuthServiceResponseData responseData = new AuthServiceResponseData(authenticatorDataList);
+ authServiceResponse.setData(responseData);
+ errorCode = getErrorCode(response);
+ errorMessage = getErrorMessage(response);
+
  if (StringUtils.isBlank(errorCode)) {
- errorCode = AuthServiceConstants.ERROR_CODE_UNKNOWN_ERROR;
+ errorCode = AuthServiceConstants.ErrorMessage.ERROR_AUTHENTICATION_FAILURE_RETRY_AVAILABLE.code();
  }
 
  if (StringUtils.isBlank(errorMessage)) {
- errorMessage = AuthServiceConstants.ERROR_MSG_UNKNOWN_ERROR;
+ errorMessage = AuthServiceConstants.ErrorMessage.ERROR_AUTHENTICATION_FAILURE_RETRY_AVAILABLE.message();
  }
 
- AuthServiceErrorInfo errorInfo = new AuthServiceErrorInfo(errorCode, errorMessage);
+ AuthServiceErrorInfo errorInfo = new AuthServiceErrorInfo(errorCode, errorMessage, errorDescription);
  authServiceResponse.setErrorInfo(errorInfo);
  }
 

diff --git a/...dentity/application/authentication/framework/model/auth/service/AuthServiceErrorInfo.java b/...dentity/application/authentication/framework/model/auth/service/AuthServiceErrorInfo.java
@@ -25,15 +25,17 @@ public class AuthServiceErrorInfo {
 
  private String errorCode;
  private String errorMessage;
+ private String errorDescription;
 
  public AuthServiceErrorInfo() {
 
  }
 
- public AuthServiceErrorInfo(String errorCode, String errorMessage) {
+ public AuthServiceErrorInfo(String errorCode, String errorMessage, String errorDescription) {
 
  this.errorCode = errorCode;
  this.errorMessage = errorMessage;
+ this.errorDescription = errorDescription;
  }
 
  public String getErrorCode() {
@@ -55,4 +57,14 @@ public void setErrorMessage(String errorMessage) {
 
  this.errorMessage = errorMessage;
  }
+
+ public String getErrorDescription() {
+
+ return errorDescription;
+ }
+
+ public void setErrorDescription(String errorDescription) {
+
+ this.errorDescription = errorDescription;
+ }
 }
diff --git a/...identity/application/authentication/framework/util/auth/service/AuthServiceConstants.java b/...identity/application/authentication/framework/util/auth/service/AuthServiceConstants.java
@@ -41,11 +41,10 @@ public enum FlowStatus {
  public static final String FLOW_ID = "flowId";
  public static final String AUTHENTICATOR_SEPARATOR = ";";
  public static final String AUTHENTICATOR_IDP_SEPARATOR = ":";
+ public static final String INTERNAL_ERROR_MSG_SEPARATOR = "-";
  public static final String AUTH_FAILURE_PARAM = "authFailure";
  public static final String AUTH_FAILURE_MSG_PARAM = "authFailureMsg";
  public static final String ERROR_CODE_PARAM = "errorCode";
- public static final String ERROR_CODE_UNKNOWN_ERROR = "UNKNOWN_ERROR";
- public static final String ERROR_MSG_UNKNOWN_ERROR = "Unknown error occurred.";
  public static final String ERROR_CODE_PREFIX = "ABA-";
 
  /**
@@ -57,7 +56,13 @@ public enum ErrorMessage {
  ERROR_INVALID_AUTH_REQUEST("60001",
  "Invalid authentication request.",
  "Received authentication request is invalid."),
- ERROR_INVALID_AUTHENTICATOR_ID("60002",
+ ERROR_AUTHENTICATION_FAILURE("60002",
+ "Authentication failure.",
+ "Authentication flow has concluded with a failure."),
+ ERROR_AUTHENTICATION_FAILURE_RETRY_AVAILABLE("60003",
+ "Authentication failure.",
+ "Authentication failure please retry."),
+ ERROR_INVALID_AUTHENTICATOR_ID("60004",
  "Invalid authenticatorId.",
  "Provided authenticatorId %s is invalid."),
 

diff --git a/.../wso2/carbon/identity/application/authentication/framework/AuthenticationServiceTest.java b/.../wso2/carbon/identity/application/authentication/framework/AuthenticationServiceTest.java
@@ -157,16 +157,19 @@ public void testHandleAuthentication(boolean isMultiOpsResponse, String redirect
  public Object[][] authProviderForFailures() {
 
  // String redirectUrl, Object authenticatorFlowStatus, Object authServiceFlowStatus,
- // String sessionDataKey, String authenticatorList, String errorCode,String errorMsg
+ // String sessionDataKey, String authenticatorList, String errorCode, String errorMsg
  return new Object[][]{
  {getFailureRedirectUrl(SESSION_DATA_KEY, SINGLE_AUTHENTICATOR, ERROR_MSG_LOGIN_FAIL),
  AuthenticatorFlowStatus.INCOMPLETE, AuthServiceConstants.FlowStatus.FAIL_INCOMPLETE,
- SESSION_DATA_KEY, SINGLE_AUTHENTICATOR, AuthServiceConstants.ERROR_CODE_UNKNOWN_ERROR,
+ SESSION_DATA_KEY, SINGLE_AUTHENTICATOR,
+ AuthServiceConstants.ErrorMessage.ERROR_AUTHENTICATION_FAILURE_RETRY_AVAILABLE.code(),
  ERROR_MSG_LOGIN_FAIL},
  {getFinalRedirectUrl(FINAL_SESSION_DATA_KEY),
  AuthenticatorFlowStatus.FAIL_COMPLETED, AuthServiceConstants.FlowStatus.FAIL_COMPLETED,
- FINAL_SESSION_DATA_KEY, StringUtils.EMPTY, AuthServiceConstants.ERROR_CODE_UNKNOWN_ERROR,
- AuthServiceConstants.ERROR_MSG_UNKNOWN_ERROR},
+ FINAL_SESSION_DATA_KEY, StringUtils.EMPTY,
+ AuthServiceConstants.ErrorMessage.ERROR_AUTHENTICATION_FAILURE.code(),
+ AuthServiceConstants.ErrorMessage.ERROR_AUTHENTICATION_FAILURE.message()}
+ ,
  };
  }