feat: return oidc.Error in case of call token failure

pkg/client/client.go

@@ -2,7 +2,6 @@ package client
 
 import (
 	"context"
-	"encoding/json"
 	"errors"
 	"fmt"
 	"io"
@@ -251,25 +250,11 @@ func CallDeviceAccessTokenEndpoint(ctx context.Context, request *DeviceAccessTok
 		req.SetBasicAuth(request.ClientID, request.ClientSecret)
 	}
 
-	httpResp, err := caller.HttpClient().Do(req)
+	resp := new(oidc.AccessTokenResponse)
-	if err != nil {
+	if err := httphelper.HttpRequest(caller.HttpClient(), req, &resp); err != nil {
 		return nil, err
 	}
-	defer httpResp.Body.Close()
+	return resp, nil
-
-	resp := new(struct {
-		*oidc.AccessTokenResponse
-		*oidc.Error
-	})
-	if err = json.NewDecoder(httpResp.Body).Decode(resp); err != nil {
-		return nil, err
-	}
-
-	if httpResp.StatusCode == http.StatusOK {
-		return resp.AccessTokenResponse, nil
-	}
-
-	return nil, resp.Error
 }
 
 func PollDeviceAccessTokenEndpoint(ctx context.Context, interval time.Duration, request *DeviceAccessTokenRequest, caller TokenEndpointCaller) (*oidc.AccessTokenResponse, error) {

pkg/http/http.go

@@ -10,6 +10,8 @@ import (
 	"net/url"
 	"strings"
 	"time"
+
+	"github.com/zitadel/oidc/v3/pkg/oidc"
 )
 
 var DefaultHTTPClient = &http.Client{
@@ -66,7 +68,12 @@ func HttpRequest(client *http.Client, req *http.Request, response any) error {
 	}
 
 	if resp.StatusCode != http.StatusOK {
-		return fmt.Errorf("http status not ok: %s %s", resp.Status, body)
+		var oidcErr oidc.Error
+		err = json.Unmarshal(body, &oidcErr)
+		if err != nil || oidcErr.ErrorType == "" {
+			return fmt.Errorf("http status not ok: %s %s", resp.Status, body)
+		}
+		return &oidcErr
 	}
 
 	err = json.Unmarshal(body, response)