Improve the error log and enhancing OAuth2Error

spring-projects#1240
leshalv · Dec 1, 2023 · 52a1e82 · 52a1e82
1 parent 068601b
commit 52a1e82
Showing 1 changed file with 8 additions and 2 deletions.
diff --git a/...h2/server/authorization/authentication/OAuth2AuthorizationCodeAuthenticationProvider.java b/...h2/server/authorization/authentication/OAuth2AuthorizationCodeAuthenticationProvider.java
@@ -143,11 +143,16 @@ public Authentication authenticate(Authentication authentication) throws Authent
 					this.logger.warn(LogMessage.format("Invalidated authorization code used by registered client '%s'", registeredClient.getId()));
 				}
 			}
-			throw new OAuth2AuthenticationException(OAuth2ErrorCodes.INVALID_GRANT);
+			OAuth2Error error = new OAuth2Error(OAuth2ErrorCodes.INVALID_GRANT,"The authorization code is invalid or has expired.",ERROR_URI);
+			throw new OAuth2AuthenticationException(error);
 		}
 
 		if (StringUtils.hasText(authorizationRequest.getRedirectUri()) &&
 				!authorizationRequest.getRedirectUri().equals(authorizationCodeAuthentication.getRedirectUri())) {
+			if (this.logger.isWarnEnabled()) {
+				this.logger.warn(LogMessage.format("Invalidated redirect_uri used by registered client '%s'", registeredClient.getId()));
+			}
+			OAuth2Error error = new OAuth2Error(OAuth2ErrorCodes.INVALID_GRANT,"The redirect_uri does not match the redirection URI used in the authorization request.",ERROR_URI);
 			throw new OAuth2AuthenticationException(OAuth2ErrorCodes.INVALID_GRANT);
 		}
 
@@ -165,7 +170,8 @@ public Authentication authenticate(Authentication authentication) throws Authent
 					}
 				}
 			}
-			throw new OAuth2AuthenticationException(OAuth2ErrorCodes.INVALID_GRANT);
+			OAuth2Error error = new OAuth2Error(OAuth2ErrorCodes.INVALID_GRANT,"The authorization code is invalid or has expired.",ERROR_URI);
+			throw new OAuth2AuthenticationException(error);
 		}
 
 		if (this.logger.isTraceEnabled()) {