Description
Is your feature request related to a problem? Please describe.
If the introspection_token is not correct in the resource server, then a JSONDecodeError is raised when there is a token to be verified via oauth2_provider. This kind of logger error and exception would make the debugging procedure quite complicated because the user wouldn't know the cause of the JSONDecodeError.
Related method: oauth2_validators.py line 307 - 311.
Example traceback in resource server when the authentication server returns a 403 response to the resource server.
Introspection: Failed to parse response as json
Traceback (most recent call last):
  File "C:\Python37\lib\site-packages\oauth2_provider\oauth2_validators.py", line 308, in _get_token_from_authentication_server
    content = response.json()
  File "C:\Python37\lib\site-packages\requests\models.py", line 897, in json
    return complexjson.loads(self.text, **kwargs)
  File "C:\Python37\lib\json\__init__.py", line 348, in loads
    return _default_decoder.decode(s)
  File "C:\Python37\lib\json\decoder.py", line 337, in decode
    obj, end = self.raw_decode(s, idx=_w(s, 0).end())
  File "C:\Python37\lib\json\decoder.py", line 355, in raw_decode
    raise JSONDecodeError("Expecting value", s, err.value) from None
json.decoder.JSONDecodeError: Expecting value: line 1 column 1 (char 0)
Describe the solution you'd like
If the response from the authentication server is not successful (e.g. status code is not 200), then an exception should be logged with the response's status code and its cause.
E.g. if we add the following code block before line 307:
if response.status_code != 200:
    log.exception("Introspection: Failed to get a valid response "
                  "from authentication server. status code ={}, "
                  "reason {}".format(response.status_code,
                                     response.reason))
Then, the traceback error message would be:
Introspection: Failed to get a valid response from authentication server. status code =403, reason Forbidden
Traceback (most recent call last):
  File "/home/jun/.local/share/virtualenvs/maio-engine-OAc_wQKR/lib/python3.8/site-packages/oauth2_provider/oauth2_validators.py", line 371, in validate_bearer_token
    access_token = AccessToken.objects.select_related("application", "user").get(token=token)
  File "/home/jun/.local/share/virtualenvs/maio-engine-OAc_wQKR/lib/python3.8/site-packages/django/db/models/query.py", line 406, in get
    raise self.model.DoesNotExist(
oauth2_provider.models.AccessToken.DoesNotExist: AccessToken matching query does not exist.
Describe alternatives you've considered
Ideally, all connections with the authentication server using RESOURCE_SERVER_AUTH_TOKEN should return the error message and its status code back to the resource server if the response is not successful.
Additional context
Response from authentication server:
WARNING 2020-06-16 11:53:11,274 basehttp 18318 140462266509056 "POST /oauth2/introspect/ HTTP/1.1" 403 0
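A sketch of the status-code check requested above, extended to also stop before JSON parsing and to handle a 200 response with a non-JSON body. This is an added example, not code from the issue or from oauth2_provider; `parse_introspection_response` and `FakeResponse` are hypothetical names, and `FakeResponse` is a constructed stand-in for the `requests.Response` attributes used.

```python
import json
import logging

log = logging.getLogger("introspection_example")


class FakeResponse:
    """Constructed stand-in exposing the requests.Response attributes used below."""

    def __init__(self, status_code, reason, text=""):
        self.status_code = status_code
        self.reason = reason
        self.text = text

    def json(self):
        return json.loads(self.text)


def parse_introspection_response(response):
    """Return the introspection payload for an active token, else None.

    Every rejection path logs the HTTP status, so a rejected introspection
    credential (401/403) is distinguishable from a malformed body.
    """
    if response.status_code != 200:
        log.error(
            "Introspection: authentication server returned status %s, reason %s",
            response.status_code, response.reason,
        )
        return None  # do not attempt to parse an error body as JSON
    try:
        content = response.json()
    except ValueError:  # json.JSONDecodeError is a subclass of ValueError
        log.error("Introspection: status %s but body is not valid JSON",
                  response.status_code)
        return None
    if not isinstance(content, dict) or content.get("active") is not True:
        log.info("Introspection: token is not active")
        return None
    return content


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    # Constructed response mirroring the 403 with an empty body reported above.
    print(parse_introspection_response(FakeResponse(403, "Forbidden")))
```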