feat(oidc): return defined error when discovery failed (#653)

ay4toh5i · muhlemmer · web-flow · commit 3b64e792ed1c · 2024-09-20T12:33:28.000+03:00
* feat(oidc): return defined error when discovery failed

* Use errors.Join() to join errors

Co-authored-by: Tim Möhlmann &lt;muhlemmer@gmail.com&gt;

* Remove unnecessary field

Co-authored-by: Tim Möhlmann &lt;muhlemmer@gmail.com&gt;

* Fix order and message

Co-authored-by: Tim Möhlmann &lt;muhlemmer@gmail.com&gt;

* Fix error order

* Simplify error assertion

Co-authored-by: Tim Möhlmann &lt;muhlemmer@gmail.com&gt;

---------

Co-authored-by: Tim Möhlmann &lt;muhlemmer@gmail.com&gt;
diff --git a/pkg/client/client.go b/pkg/client/client.go
@@ -42,7 +42,7 @@ func Discover(ctx context.Context, issuer string, httpClient *http.Client, wellK
 	discoveryConfig := new(oidc.DiscoveryConfiguration)
 	err = httphelper.HttpRequest(httpClient, req, &discoveryConfig)
 	if err != nil {
-		return nil, err
+		return nil, errors.Join(oidc.ErrDiscoveryFailed, err)
 	}
 	if logger, ok := logging.FromContext(ctx); ok {
 		logger.Debug("discover", "config", discoveryConfig)
diff --git a/pkg/client/client_test.go b/pkg/client/client_test.go
@@ -7,6 +7,7 @@ import (
 
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
+	"github.com/zitadel/oidc/v3/pkg/oidc"
 )
 
 func TestDiscover(t *testing.T) {
@@ -22,7 +23,7 @@ func TestDiscover(t *testing.T) {
 		name       string
 		args       args
 		wantFields *wantFields
-		wantErr    bool
+		wantErr    error
 	}{
 		{
 			name: "spotify", // https://github.com/zitadel/oidc/issues/406
@@ -32,17 +33,20 @@ func TestDiscover(t *testing.T) {
 			wantFields: &wantFields{
 				UILocalesSupported: true,
 			},
-			wantErr: false,
+			wantErr: nil,
+		},
+		{
+			name: "discovery failed",
+			args: args{
+				issuer: "https://example.com",
+			},
+			wantErr: oidc.ErrDiscoveryFailed,
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			got, err := Discover(context.Background(), tt.args.issuer, http.DefaultClient, tt.args.wellKnownUrl...)
-			if tt.wantErr {
-				assert.Error(t, err)
-				return
-			}
-			require.NoError(t, err)
+			require.ErrorIs(t, err, tt.wantErr)
 			if tt.wantFields == nil {
 				return
 			}
diff --git a/pkg/oidc/verifier.go b/pkg/oidc/verifier.go
@@ -41,6 +41,7 @@ type IDClaims interface {
 var (
 	ErrParse                   = errors.New("parsing of request failed")
 	ErrIssuerInvalid           = errors.New("issuer does not match")
+	ErrDiscoveryFailed         = errors.New("OpenID Provider Configuration Discovery has failed")
 	ErrSubjectMissing          = errors.New("subject missing")
 	ErrAudience                = errors.New("audience is not valid")
 	ErrAzpMissing              = errors.New("authorized party is not set. If Token is valid for multiple audiences, azp must not be empty")

Original file line number	Diff line number	Diff line change
`@@ -42,7 +42,7 @@ func Discover(ctx context.Context, issuer string, httpClient *http.Client, wellK`
`42`	`42`	`discoveryConfig := new(oidc.DiscoveryConfiguration)`
`43`	`43`	`err = httphelper.HttpRequest(httpClient, req, &discoveryConfig)`
`44`	`44`	`if err != nil {`
`45`		`- return nil, err`
	`45`	`+ return nil, errors.Join(oidc.ErrDiscoveryFailed, err)`
`46`	`46`	`}`
`47`	`47`	`if logger, ok := logging.FromContext(ctx); ok {`
`48`	`48`	`logger.Debug("discover", "config", discoveryConfig)`