feat(oidc): return defined error when discovery failed (#653)

* feat(oidc): return defined error when discovery failed * Use errors.Join() to join errors Co-authored-by: Tim Möhlmann <muhlemmer@gmail.com> * Remove unnecessary field Co-authored-by: Tim Möhlmann <muhlemmer@gmail.com> * Fix order and message Co-authored-by: Tim Möhlmann <muhlemmer@gmail.com> * Fix error order * Simplify error assertion Co-authored-by: Tim Möhlmann <muhlemmer@gmail.com> --------- Co-authored-by: Tim Möhlmann <muhlemmer@gmail.com>
2024-09-20 18:33:28 +09:00 · 2024-09-20 18:33:28 +09:00 · 3b64e792ed
commit 3b64e792ed
parent b555396744
3 changed files with 13 additions and 8 deletions
--- a/pkg/client/client.go
+++ b/pkg/client/client.go
@ -42,7 +42,7 @@ func Discover(ctx context.Context, issuer string, httpClient *http.Client, wellK
 	discoveryConfig := new(oidc.DiscoveryConfiguration)
 	err = httphelper.HttpRequest(httpClient, req, &discoveryConfig)
 	if err != nil {
-		return nil, err
+		return nil, errors.Join(oidc.ErrDiscoveryFailed, err)
 	}
 	if logger, ok := logging.FromContext(ctx); ok {
 		logger.Debug("discover", "config", discoveryConfig)
--- a/pkg/client/client_test.go
+++ b/pkg/client/client_test.go
@ -7,6 +7,7 @@ import (

 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
+	"github.com/zitadel/oidc/v3/pkg/oidc"
 )

 func TestDiscover(t *testing.T) {
@ -22,7 +23,7 @@ func TestDiscover(t *testing.T) {
 		name       string
 		args       args
 		wantFields *wantFields
-		wantErr    bool
+		wantErr    error
 	}{
 		{
 			name: "spotify", // https://github.com/zitadel/oidc/issues/406
@ -32,17 +33,20 @@ func TestDiscover(t *testing.T) {
 			wantFields: &wantFields{
 				UILocalesSupported: true,
 			},
-			wantErr: false,
+			wantErr: nil,
+		},
+		{
+			name: "discovery failed",
+			args: args{
+				issuer: "https://example.com",
+			},
+			wantErr: oidc.ErrDiscoveryFailed,
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			got, err := Discover(context.Background(), tt.args.issuer, http.DefaultClient, tt.args.wellKnownUrl...)
-			if tt.wantErr {
-				assert.Error(t, err)
-				return
-			}
-			require.NoError(t, err)
+			require.ErrorIs(t, err, tt.wantErr)
 			if tt.wantFields == nil {
 				return
 			}
--- a/pkg/oidc/verifier.go
+++ b/pkg/oidc/verifier.go
@ -41,6 +41,7 @@ type IDClaims interface {
 var (
 	ErrParse                   = errors.New("parsing of request failed")
 	ErrIssuerInvalid           = errors.New("issuer does not match")
+	ErrDiscoveryFailed         = errors.New("OpenID Provider Configuration Discovery has failed")
 	ErrSubjectMissing          = errors.New("subject missing")
 	ErrAudience                = errors.New("audience is not valid")
 	ErrAzpMissing              = errors.New("authorized party is not set. If Token is valid for multiple audiences, azp must not be empty")