Skip to content

fix(journey-client): classify HTTP 4xx error bodies as LoginFailure #541

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
ryanbas21 wants to merge 2 commits into from
Closed

fix(journey-client): classify HTTP 4xx error bodies as LoginFailure #541

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
cd1f008
fix(journey-client): classify HTTP 4xx error bodies as LoginFailure
ryanbas21 Feb 27, 2026
860aed3
chore: add changeset for journey-client error handling fix
ryanbas21 Feb 27, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 8 additions & 0 deletions .changeset/fix-journey-social-login-errors.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
---
'@forgerock/journey-client': patch
---

Fix social login error handling in journey-client

- Fix `start()` and `next()` to extract AM error bodies from RTK Query's `error.data` slot, properly classifying HTTP 4xx responses (e.g. 401 from failed social login) as `JourneyLoginFailure` instead of generic `no_response_data` errors
- Fix `resume()` to return typed `GenericError` values instead of throwing raw `Error` objects, maintaining the `JourneyResult` contract
114 changes: 105 additions & 9 deletions packages/journey-client/src/lib/client.store.test.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,8 @@ import { afterEach, describe, expect, test, vi } from 'vitest';

import type { GenericError, Step, WellknownResponse } from '@forgerock/sdk-types';

import { StepType } from '@forgerock/sdk-types';
Copy link
Copy Markdown
Collaborator

@cerebrl cerebrl Mar 18, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we change the order of imports? Here's the pattern I'd like us to use:

// import any proper modules first
import { StepType } from '@forgerock/sdk-types';

// import any file-based modules second
import { journey } from './client.store.js';

// import any types from proper modules third
import type { GenericError } from '@forgerock/sdk-types';

// import any types from file-based modules last
import type { SomeType } from './some-file.js';


import { journey } from './client.store.js';
import { createJourneyStep } from './step.utils.js';
import { JourneyClientConfig } from './config.types.js';
Expand Down Expand Up @@ -73,9 +75,11 @@ function getUrlFromInput(input: RequestInfo | URL): string {
}

/**
* Helper to setup mock fetch for wellknown + journey responses
* Helper to setup mock fetch for wellknown + journey responses.
* When `errorStatus` is provided, the journey response will be returned
* with that HTTP status code (simulating AM error responses like 401).
*/
function setupMockFetch(journeyResponse: Step | null = null) {
function setupMockFetch(journeyResponse: Step | null = null, options?: { errorStatus?: number }) {
mockFetch.mockImplementation((input: RequestInfo | URL) => {
const url = getUrlFromInput(input);

Expand All @@ -86,7 +90,13 @@ function setupMockFetch(journeyResponse: Step | null = null) {

// Journey authenticate endpoint
if (journeyResponse && url.includes('/authenticate')) {
return Promise.resolve(new Response(JSON.stringify(journeyResponse)));
const status = options?.errorStatus ?? 200;
return Promise.resolve(
new Response(JSON.stringify(journeyResponse), {
status,
headers: { 'Content-Type': 'application/json' },
}),
);
}

return Promise.reject(new Error(`Unexpected fetch: ${url}`));
Expand Down Expand Up @@ -205,6 +215,64 @@ describe('journey-client', () => {
}
});

test('start_ServerReturns401_ReturnsLoginFailure', async () => {
// Arrange — AM returns 401 with a login failure body
const failureResponse: Step = {
code: 401,
reason: 'Unauthorized',
message: 'Authentication Failed',
};
setupMockFetch(failureResponse, { errorStatus: 401 });

// Act
const client = await journey({ config: mockConfig });
const result = await client.start();

// Assert — should be classified as LoginFailure, not GenericError
expect(result).toBeDefined();
expect(isGenericError(result)).toBe(false);
expect(result).toHaveProperty('type', StepType.LoginFailure);
if (result && 'getCode' in result) {
expect(result.getCode()).toBe(401);
expect(result.getReason()).toBe('Unauthorized');
expect(result.getMessage()).toBe('Authentication Failed');
}
});

test('next_ServerReturns401_ReturnsLoginFailure', async () => {
// Arrange — AM returns 401 after submitting credentials
const initialStep = createJourneyStep({
authId: 'test-auth-id',
callbacks: [
{
type: callbackType.NameCallback,
input: [{ name: 'IDToken1', value: 'test-user' }],
output: [],
},
],
});
const failureResponse: Step = {
code: 401,
reason: 'Unauthorized',
message: 'Authentication Failed',
};
setupMockFetch(failureResponse, { errorStatus: 401 });

// Act
const client = await journey({ config: mockConfig });
const result = await client.next(initialStep, {});

// Assert — should be classified as LoginFailure, not GenericError
expect(result).toBeDefined();
expect(isGenericError(result)).toBe(false);
expect(result).toHaveProperty('type', StepType.LoginFailure);
if (result && 'getCode' in result) {
expect(result.getCode()).toBe(401);
expect(result.getReason()).toBe('Unauthorized');
expect(result.getMessage()).toBe('Authentication Failed');
}
});

test('redirect_WellknownConfig_StoresStepAndCallsLocationAssign', async () => {
// Arrange
const mockStepPayload: Step = {
Expand Down Expand Up @@ -299,23 +367,51 @@ describe('journey-client', () => {
}
});

test('resume_PreviousStepRequiredButNotFound_ThrowsError', async () => {
test('resume_PreviousStepRequiredButNotFound_ReturnsGenericError', async () => {
// Arrange
mockStorageInstance.get.mockResolvedValue(undefined);
setupMockFetch();

// Act
const client = await journey({ config: mockConfig });
const resumeUrl = 'https://app.com/callback?code=123&state=abc';

// Assert
await expect(client.resume(resumeUrl)).rejects.toThrow(
'Error: previous step information not found in storage for resume operation.',
);
const result = await client.resume(resumeUrl);

// Assert — returns GenericError instead of throwing
expect(result).toBeDefined();
expect(isGenericError(result)).toBe(true);
if (isGenericError(result)) {
expect(result.error).toBe('missing_previous_step');
expect(result.message).toContain('not found in storage');
}
expect(mockStorageInstance.get).toHaveBeenCalledTimes(1);
expect(mockStorageInstance.remove).toHaveBeenCalledTimes(1);
});

test('resume_StorageReturnsError_ReturnsGenericError', async () => {
// Arrange — storage returns a GenericError (e.g. sessionStorage unavailable)
const storageError: GenericError = {
error: 'storage_unavailable',
message: 'sessionStorage is not available',
type: 'unknown_error',
};
mockStorageInstance.get.mockResolvedValue(storageError);
setupMockFetch();

// Act
const client = await journey({ config: mockConfig });
const resumeUrl = 'https://app.com/callback?code=123&state=abc';
const result = await client.resume(resumeUrl);

// Assert — returns GenericError instead of throwing
expect(result).toBeDefined();
expect(isGenericError(result)).toBe(true);
if (isGenericError(result)) {
expect(result.error).toBe('storage_error');
expect(result.message).toContain('sessionStorage is not available');
}
});

test('resume_NoPreviousStepRequired_CallsStartWithUrlParams', async () => {
// Arrange
mockStorageInstance.get.mockResolvedValue(undefined);
Expand Down
43 changes: 37 additions & 6 deletions packages/journey-client/src/lib/client.store.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,21 @@ import { NextOptions, StartParam, ResumeOptions } from './interfaces.js';
import type { JourneyLoginFailure } from './login-failure.utils.js';
import type { JourneyLoginSuccess } from './login-success.utils.js';

/**
* Checks whether an unknown value resembles an AM Step response.
* RTK Query's fetchBaseQuery places HTTP error response bodies in `error.data`.
* When AM returns a 4xx (e.g. 401 for failed social login), the body contains
* `code`, `reason`, and `message` — which is a valid Step that should be
* classified via `createJourneyObject()`.
*/
function isStepLike(data: unknown): data is Step {
return (
typeof data === 'object' &&
data !== null &&
('authId' in data || 'code' in data || 'callbacks' in data)
);
Comment on lines +42 to +47
Copy link
Copy Markdown

@coderabbitai coderabbitai Bot Feb 27, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major

Restrict LoginFailure mapping to 4xx responses only.

Line 157 and Line 178 currently convert any Step-like queryError.data into a Journey object. That can misclassify non-4xx server errors as JourneyLoginFailure, despite the intended 4xx-only behavior.

💡 Proposed fix 
 function isStepLike(data: unknown): data is Step {
   return (
     typeof data === 'object' &&
     data !== null &&
     ('authId' in data || 'code' in data || 'callbacks' in data)
   );
 }
+
+function isClientStepError(queryError: unknown): queryError is { status: number; data: Step } {
+  return (
+    typeof queryError === 'object' &&
+    queryError !== null &&
+    'status' in queryError &&
+    typeof (queryError as { status: unknown }).status === 'number' &&
+    (queryError as { status: number }).status >= 400 &&
+    (queryError as { status: number }).status < 500 &&
+    'data' in queryError &&
+    isStepLike((queryError as { data: unknown }).data)
+  );
+}
@@
-        if (queryError && 'data' in queryError && isStepLike(queryError.data)) {
-          return createJourneyObject(queryError.data as Step);
+        if (isClientStepError(queryError)) {
+          return createJourneyObject(queryError.data);
         }
@@
-        if (queryError && 'data' in queryError && isStepLike(queryError.data)) {
-          return createJourneyObject(queryError.data as Step);
+        if (isClientStepError(queryError)) {
+          return createJourneyObject(queryError.data);
         }

Also applies to: 157-159, 178-180

🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@packages/journey-client/src/lib/client.store.ts` around lines 42 - 47, The
code currently treats any Step-like queryError.data as a JourneyLoginFailure;
update the mapping logic that uses isStepLike(queryError.data) to first check
the HTTP status (e.g. queryError.status or queryError.response?.status) and only
map to JourneyLoginFailure when status is in the 4xx range (>=400 && <500);
otherwise fall through to the existing non-login error handling (do not convert
to Journey). Apply this change to both places that convert queryError.data into
a Journey (the branches that set JourneyLoginFailure), keeping the isStepLike
check but gating it with the 4xx status check.

}

/** Result type for journey client methods. */
type JourneyResult =
| JourneyStep
Expand Down Expand Up @@ -135,8 +150,13 @@ export async function journey({

const self: JourneyClient = {
start: async (options?: StartParam) => {
const { data } = await store.dispatch(journeyApi.endpoints.start.initiate(options));
const { data, error: queryError } = await store.dispatch(
journeyApi.endpoints.start.initiate(options),
);
if (!data) {
Copy link
Copy Markdown
Collaborator

@cerebrl cerebrl Mar 18, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If we can, I'd rather push this responsibility to the RTK API module that actually makes the handles the request. You can see that here in the DaVinci Client: https://github.com/ForgeRock/ping-javascript-sdk/blob/main/packages/davinci-client/src/lib/davinci.api.ts#L126. This helps keep the top-level store file much leaner.

if (queryError && 'data' in queryError && isStepLike(queryError.data)) {
return createJourneyObject(queryError.data as Step);
}
const error: GenericError = {
error: 'no_response_data',
message: 'No data received from server when starting journey',
Expand All @@ -151,8 +171,13 @@ export async function journey({
* Submits the current Step payload to the authentication API and retrieves the next JourneyStep in the journey.
*/
next: async (step: JourneyStep, options?: NextOptions) => {
const { data } = await store.dispatch(journeyApi.endpoints.next.initiate({ step, options }));
const { data, error: queryError } = await store.dispatch(
journeyApi.endpoints.next.initiate({ step, options }),
);
if (!data) {
if (queryError && 'data' in queryError && isStepLike(queryError.data)) {
return createJourneyObject(queryError.data as Step);
}
const error: GenericError = {
error: 'no_response_data',
message: 'No data received from server when submitting step',
Expand Down Expand Up @@ -210,17 +235,23 @@ export async function journey({

if (stored) {
if (isGenericError(stored)) {
throw new Error(`Error retrieving previous step: ${stored.message || stored.error}`);
return {
error: 'storage_error',
message: `Error retrieving previous step: ${stored.message || stored.error}`,
type: 'unknown_error',
} satisfies GenericError;
} else if (isStoredStep(stored)) {
previousStep = createJourneyObject(stored.step) as JourneyStep;
}
}
await stepStorage.remove();

if (!previousStep) {
throw new Error(
'Error: previous step information not found in storage for resume operation.',
);
return {
error: 'missing_previous_step',
message: 'Previous step information not found in storage for resume operation.',
type: 'state_error',
} satisfies GenericError;
}
}

Expand Down
Loading