OAuth2 client's errors don't have enough information when returned by remote party #2943

Open
reinkrul opened this issue Mar 19, 2024 · 3 comments
Labels
bug Something isn't working

@reinkrul
Member

E.g., when requesting a PD for an unknown scope:

```json
{
  "detail": "failed to retrieve presentation definition: server returned HTTP 400 (expected: 200)",
  "status": 500,
  "title": "RequestServiceAccessToken failed"
}
```

```
level=error msg="RequestServiceAccessToken failed" error="failed to retrieve presentation definition: server returned HTTP 400 (expected: 200)" module=Auth/iam operation=RequestServiceAccessToken operationID=RequestServiceAccessToken requestURI="/internal/auth/v2/did:web:api-gateway%3A9443/request-service-access-token" user="<nil>"
```

But the server logs:

```
level=warning msg="PresentationDefinition failed" error="invalid_scope - not found" module=Auth/iam operation=PresentationDefinition operationID=PresentationDefinition
```

This last error should be logged and returned to the client (calling the Nuts node).

@woutslakhorst woutslakhorst added the bug Something isn't working label Mar 19, 2024
@reinkrul
Member Author

(probably also applies to other OAuth2 calls)

@m-rit

m-rit commented Jun 10, 2024

Hi @reinkrul,

I recently worked on one of the issues in the go-did package. Could I contribute to some of the OAuth bugs/enhancements here if no one is working on it? If there are other things I could work on, I would be happy to look into them as well.

Thanks!

@woutslakhorst
Member

> Hi @reinkrul,
>
> I recently worked on one of the issues in the go-did package. Could I contribute to some of the OAuth bugs/enhancements here if no one is working on it? If there are other things I could work on, I would be happy to look into them as well.
>
> Thanks!

Sure, thanks. For this issue the problem is probably that error responses from endpoints that generate an OAuth2Error are not cast to such an error. This is probably located in the iam client. It does a testResponsecode(200), but if it's an error it should try to make it an oautherror. There's probably some example in the code for this.
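
An illustration of the approach described in the comment above, added here and not taken from the thread or from the Nuts node code base: on an unexpected status, the check first tries to decode the body as an OAuth2 error and only then falls back to the generic message. It assumes the remote party returns an RFC 6749 style JSON error body; `OAuth2Error`, `checkResponse` and `fakeResponse` are hypothetical names, and the response bodies are constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"net/http"
	"strings"
)

// OAuth2Error models the RFC 6749 section 5.2 error body (hypothetical type).
type OAuth2Error struct {
	Code        string `json:"error"`
	Description string `json:"error_description"`
	StatusCode  int    `json:"-"` // HTTP status the remote party answered with
}

func (e OAuth2Error) Error() string { return e.Code + " - " + e.Description }

// checkResponse returns nil when the status matches. On a mismatch it tries to
// decode the body as an OAuth2 error, falling back to the generic message.
func checkResponse(resp *http.Response, expected int) error {
	if resp.StatusCode == expected {
		return nil
	}
	// The body comes from a remote party: cap how much of it is read.
	body, _ := io.ReadAll(io.LimitReader(resp.Body, 64<<10))
	var oerr OAuth2Error
	if json.Unmarshal(body, &oerr) == nil && oerr.Code != "" {
		oerr.StatusCode = resp.StatusCode
		return oerr
	}
	return fmt.Errorf("server returned HTTP %d (expected: %d)", resp.StatusCode, expected)
}

// fakeResponse builds a constructed response so the example runs offline.
func fakeResponse(status int, body string) *http.Response {
	return &http.Response{StatusCode: status, Body: io.NopCloser(strings.NewReader(body))}
}

func main() {
	err := checkResponse(fakeResponse(400, `{"error":"invalid_scope","error_description":"not found"}`), 200)
	if oerr, ok := err.(OAuth2Error); ok {
		fmt.Println("oauth2 error:", oerr, "remote status:", oerr.StatusCode)
	}
	// A non-JSON body (for example from a proxy) keeps the generic error.
	fmt.Println(checkResponse(fakeResponse(502, "<html>bad gateway</html>"), 200))
}
```

Keeping the remote status on the typed error lets the caller decide whether to pass it on instead of answering with a blanket 500.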
