Refreshing an invalid refresh token returns a generic error
Describe the bug?
If we let the refreshToken expire and call OktaRN.refreshTokens(); it returns a default message, which prevents us from handling the specific issue.
If we look at the network requests we can see the API returns the following error:
{
  "error": "invalid_grant",
  "error_description": "The refresh token is invalid or expired."
}
But the SDK returns this error:
{
  "userInfo":null,
  "message":"Invalid status code 400 Bad Request",
  "code":"-600",
  ...
}
It should return something more helpful, e.g.
{
  "message":"Invalid grant. The refresh token is invalid or expired.",
  "code":"601", // Invalid grant code
}
Can you improve your error messaging, please, as it makes it impossible for us to provide useful information to the user? Here is a similar issue I logged 10 days ago: https://github.com/okta/okta-react-native/issues/286
What is expected to happen?
It should return something more helpful, e.g.
{
  "message":"Invalid grant. The refresh token is invalid or expired.",
  "code":"601", // Invalid grant code
}
What is the actual behavior?
SDK returns this error:
{
  "userInfo":null,
  "message":"Invalid status code 400 Bad Request",
  "code":"-600",
  ...
}
Reproduction Steps?
Let the refreshToken expire and call OktaRN.refreshTokens();
Additional Information?
No response
SDK Version
"@okta/okta-react-native": "2.3.0"
Build Information
No response
We've done some more digging and the error is set to Invalid status code 400 Bad Request inside the Okta Android OIDC SDK:
https://github.com/okta/okta-oidc-android/blob/69a87fc000c721feee589f04d741cc137263afba/library/src/main/java/com/okta/oidc/net/HttpStatusCodeException.java#L26
If the status code is less than 200 or greater than 300 it will return "Invalid status code " + statusCode + " " + statusMessage.
For the invalid_grant error the status code is 400 which is why we get back Invalid status code 400 Bad Request.
Is there a reason you've decided to do this?
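
Added example, not code from this issue, the Okta SDKs or their maintainers: a helper that reads the token endpoint's error body (the JSON quoted in the issue) instead of reporting only the HTTP status, so an expired refresh token can be told apart from other failures. The function name `classifyTokenError`, its return shape and the `action` values are assumptions made for illustration.

```javascript
// Hypothetical helper (added example); not part of @okta/okta-react-native
// or okta-oidc-android.
// Error codes a token endpoint may return (RFC 6749, section 5.2).
const OAUTH_TOKEN_ERRORS = new Set([
  'invalid_request', 'invalid_client', 'invalid_grant',
  'unauthorized_client', 'unsupported_grant_type', 'invalid_scope',
]);

// Turn the HTTP status and raw response body of a failed token request into
// a structured error. `action` tells the caller what to do next.
function classifyTokenError(status, rawBody) {
  let body = null;
  try {
    body = JSON.parse(rawBody);
  } catch (e) {
    // Non-JSON body (proxy error page, empty response): handled below.
  }
  const error = body && typeof body.error === 'string' ? body.error : null;
  const description = body && typeof body.error_description === 'string'
    ? body.error_description : null;

  if (error && OAUTH_TOKEN_ERRORS.has(error)) {
    return {
      error,
      message: description || error,
      // invalid_grant on refresh: the stored refresh token is unusable, so
      // discard local tokens and send the user back through sign-in.
      action: error === 'invalid_grant' ? 'reauthenticate' : 'report',
    };
  }
  // No recognisable OAuth error: fall back to the status code alone.
  const action = status >= 500 ? 'retry' : 'report';
  return { error: null, message: `HTTP ${status}`, action };
}

// Constructed sample: the response body quoted in the issue.
const sampleBody = JSON.stringify({
  error: 'invalid_grant',
  error_description: 'The refresh token is invalid or expired.',
});
console.log(classifyTokenError(400, sampleBody));
```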