update oauth error handling, for now a hack to get suberror from

error_description and a fallback logic on error_subcode.
AzureAD · May 4, 2018 · 69e15a1 · 69e15a1
1 parent 7b5255b
commit 69e15a1
Show file tree

Hide file tree

Showing 8 changed files with 23 additions and 11 deletions.
diff --git a/IdentityCore/src/MSIDError.m b/IdentityCore/src/MSIDError.m
@@ -67,5 +67,6 @@ MSIDErrorCode MSIDErrorCodeForOAuthError(NSString *oauthError, MSIDErrorCode def
     {
         return MSIDErrorInvalidGrant;
     }
+
     return defaultCode;
 }
diff --git a/IdentityCore/src/MSIDOAuth2Constants.h b/IdentityCore/src/MSIDOAuth2Constants.h
@@ -33,6 +33,7 @@ extern NSString *const MSID_OAUTH2_CLIENT_ID;
 extern NSString *const MSID_OAUTH2_CODE;
 extern NSString *const MSID_OAUTH2_ERROR;
 extern NSString *const MSID_OAUTH2_ERROR_DESCRIPTION;
+extern NSString *const MSID_OAUTH2_ERROR_SUBCODE;
 extern NSString *const MSID_OAUTH2_EXPIRES_IN;
 extern NSString *const MSID_OAUTH2_GRANT_TYPE;
 extern NSString *const MSID_OAUTH2_REDIRECT_URI;

diff --git a/IdentityCore/src/MSIDOAuth2Constants.m b/IdentityCore/src/MSIDOAuth2Constants.m
@@ -35,6 +35,7 @@
 NSString *const MSID_OAUTH2_CODE               = @"code";
 NSString *const MSID_OAUTH2_ERROR              = @"error";
 NSString *const MSID_OAUTH2_ERROR_DESCRIPTION  = @"error_description";
+NSString *const MSID_OAUTH2_ERROR_SUBCODE      = @"error_subcode";
 NSString *const MSID_OAUTH2_EXPIRES_IN         = @"expires_in";
 NSString *const MSID_OAUTH2_GRANT_TYPE         = @"grant_type";
 NSString *const MSID_OAUTH2_REDIRECT_URI       = @"redirect_uri";

diff --git a/IdentityCore/src/oauth2/MSIDRequestParameters.h b/IdentityCore/src/oauth2/MSIDRequestParameters.h
@@ -54,7 +54,7 @@
 @property (readwrite) NSString *requestState;
 
 // Is this only for V2?
-@property (readonly) MSIDPkce *pkce;
+@property (readwrite) MSIDPkce *pkce;
 
 @property (readwrite) MSIDClientInfo *clientInfo;
 @property (readwrite) NSString *rawIdTokenString;

diff --git a/IdentityCore/src/oauth2/MSIDRequestParameters.m b/IdentityCore/src/oauth2/MSIDRequestParameters.m
@@ -67,8 +67,6 @@ - (instancetype)initWithAuthority:(NSURL *)authority
         _redirectUri = redirectUri;
         _clientId = clientId;
         _target = target;
-
-        _pkce = [MSIDPkce new];
     }
 
     return self;

diff --git a/IdentityCore/src/webview/MSIDWebviewAuthorization.h b/IdentityCore/src/webview/MSIDWebviewAuthorization.h
@@ -52,7 +52,6 @@
 
 #if TARGET_OS_IPHONE
 + (void)startSystemWebviewWebviewAuthWithRequestParameters:(MSIDRequestParameters *)parameters
-                                         callbackURLScheme:(NSString *)callbackURLScheme
                                                    factory:(MSIDOauth2Factory *)factory
                                                    context:(id<MSIDRequestContext>)context
                                          completionHandler:(MSIDWebUICompletionHandler)completionHandler;

diff --git a/IdentityCore/src/webview/MSIDWebviewAuthorization.m b/IdentityCore/src/webview/MSIDWebviewAuthorization.m
@@ -64,14 +64,13 @@ + (void)startEmbeddedWebviewWebviewAuthWithRequestParameters:(MSIDRequestParamet
 }
 
 + (void)startSystemWebviewWebviewAuthWithRequestParameters:(MSIDRequestParameters *)parameters
-                                         callbackURLScheme:(NSString *)callbackURLScheme
                                                    factory:(MSIDOauth2Factory *)factory
                                                    context:(id<MSIDRequestContext>)context
                                          completionHandler:(MSIDWebUICompletionHandler)completionHandler
 {
 
     id<MSIDWebviewInteracting> systemWebviewController = [factory systemWebviewControllerWithRequest:parameters
-                                                                                   callbackURLScheme:callbackURLScheme
+                                                                                   callbackURLScheme:parameters.redirectUri
                                                                                              context:context
                                                                                    completionHandler:completionHandler];
     [self startWebviewAuth:systemWebviewController
@@ -178,7 +177,7 @@ + (MSIDWebOAuth2Response *)responseWithURL:(NSURL *)url
         return wpjResponse;
     }
 
-    // Check for AAD response
+    // Check for AAD response,
     MSIDWebAADAuthResponse *aadResponse = [[MSIDWebAADAuthResponse alloc] initWithParameters:parameters
                                                                                 requestState:requestState
                                                                                stateVerifier:stateVerifier
@@ -198,7 +197,6 @@ + (MSIDWebOAuth2Response *)responseWithURL:(NSURL *)url
     {
         oauth2Response.url = url;
         return oauth2Response;
-
     }
 
     // Any other errors are caught here

diff --git a/IdentityCore/src/webview/response/MSIDWebOAuth2Response.m b/IdentityCore/src/webview/response/MSIDWebOAuth2Response.m
@@ -35,14 +35,22 @@ - (instancetype)initWithParameters:(NSDictionary *)parameters
                            context:(id<MSIDRequestContext>)context
                              error:(NSError **)error
 {
+    NSString *authCode = parameters[MSID_OAUTH2_CODE];
+    NSError *oauthError = [self.class oauthErrorFromParameters:parameters];
+
+    if (!authCode && !oauthError)
+    {
+        return nil;
+    }
+
     self = [super init];
     if (self)
     {
         // populate auth code
-        _authorizationCode = parameters[MSID_OAUTH2_CODE];
+        _authorizationCode = authCode;
 
         // populate oauth error
-        _oauthError = [self.class oauthErrorFromParameters:parameters];
+        _oauthError = oauthError;
     }
     return self;
 }
@@ -53,12 +61,18 @@ + (NSError *)oauthErrorFromParameters:(NSDictionary *)parameters
     [[NSUUID alloc] initWithUUIDString:[parameters objectForKey:MSID_OAUTH2_CORRELATION_ID_RESPONSE]]:nil;
 
     NSString *serverOAuth2Error = [parameters objectForKey:MSID_OAUTH2_ERROR];
+    //login_required  ; has error_description
+    //access_denied ; has error_subcode
 
     if (serverOAuth2Error)
     {
         NSString *errorDescription = parameters[MSID_OAUTH2_ERROR_DESCRIPTION];
-        NSString *subError = parameters[MSID_OAUTH2_SUB_ERROR];
+        if (!errorDescription)
+        {
+            errorDescription = parameters[MSID_OAUTH2_ERROR_SUBCODE];
+        }
 
+        NSString *subError = parameters[MSID_OAUTH2_SUB_ERROR];
         MSIDErrorCode errorCode = MSIDErrorCodeForOAuthError(errorDescription, MSIDErrorAuthorizationFailed);
 
         return MSIDCreateError(MSIDOAuthErrorDomain, errorCode, errorDescription, serverOAuth2Error, subError, nil, correlationId, nil);