From 08b3906d33065f40007a6205ddf1edce04b5bfca Mon Sep 17 00:00:00 2001
From: Dennis Schridde <dennis.schridde@freiheit.com>
Date: Fri, 20 Aug 2021 17:32:12 +0200
Subject: [PATCH] Read Body in RequestToken and AccessToken methods

* For non-nil RequestToken or AccessToken requests, read the
body before checking the status code, in case it has useful
information to include

Co-authored-by: Dennis Schridde <dennis.schridde@freiheit.com>
Co-authored-by: Dalton Hubble <dghubble@mgmail.com>
---
 CHANGES.md |  2 ++
 config.go  | 20 ++++++++++++--------
 2 files changed, 14 insertions(+), 8 deletions(-)

diff --git a/CHANGES.md b/CHANGES.md
index 6760294..a3f39d5 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -4,6 +4,8 @@ Notable changes between releases.
 
 ## Latest
 
+* Show body when `RequestToken` or `AccessToken` requests return an invalid status code ([#54](https://github.com/dghubble/oauth1/pull/54))
+
 ## v0.7.0
 
 * Add an `HMAC256Signer` ([#40](https://github.com/dghubble/oauth1/pull/40))
diff --git a/config.go b/config.go
index f289289..c539a00 100644
--- a/config.go
+++ b/config.go
@@ -79,13 +79,15 @@ func (c *Config) RequestToken() (requestToken, requestSecret string, err error)
 	}
 	// when err is nil, resp contains a non-nil resp.Body which must be closed
 	defer resp.Body.Close()
-	if resp.StatusCode != http.StatusOK && resp.StatusCode != http.StatusCreated {
-		return "", "", fmt.Errorf("oauth1: Server returned status %d", resp.StatusCode)
-	}
+
 	body, err := ioutil.ReadAll(resp.Body)
 	if err != nil {
-		return "", "", err
+		return "", "", fmt.Errorf("oauth1: error reading Body: %v", err)
 	}
+	if resp.StatusCode != http.StatusOK && resp.StatusCode != http.StatusCreated {
+		return "", "", fmt.Errorf("oauth1: invalid status %d: %s", resp.StatusCode, body)
+	}
+
 	// ParseQuery to decode URL-encoded application/x-www-form-urlencoded body
 	values, err := url.ParseQuery(string(body))
 	if err != nil {
@@ -156,13 +158,15 @@ func (c *Config) AccessToken(requestToken, requestSecret, verifier string) (acce
 	}
 	// when err is nil, resp contains a non-nil resp.Body which must be closed
 	defer resp.Body.Close()
-	if resp.StatusCode != http.StatusOK && resp.StatusCode != http.StatusCreated {
-		return "", "", fmt.Errorf("oauth1: Server returned status %d", resp.StatusCode)
-	}
+
 	body, err := ioutil.ReadAll(resp.Body)
 	if err != nil {
-		return "", "", err
+		return "", "", fmt.Errorf("oauth1: error reading Body: %v", err)
 	}
+	if resp.StatusCode != http.StatusOK && resp.StatusCode != http.StatusCreated {
+		return "", "", fmt.Errorf("oauth1: invalid status %d: %s", resp.StatusCode, body)
+	}
+
 	// ParseQuery to decode URL-encoded application/x-www-form-urlencoded body
 	values, err := url.ParseQuery(string(body))
 	if err != nil {