New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Improve OAuth error handling in configuration flows #103157
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good! The tests that are using the aiohttp client mocker are failing.
Please take a look at the requested changes, and use the Ready for review button when you are done, thanks 👍 |
Yes! 👍 |
error_code = error_response.get("error", "unknown") | ||
error_description = error_response.get("error_description", "unknown error") | ||
_LOGGER.error( | ||
"Token request failed (%s): %s", error_code, error_description | ||
) | ||
resp.raise_for_status() |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would ideally love to surface the oauth detailed error codes in the UI
We could wrap the ClientResponseError
in our own exception and add the error code and error description as additional attributes and raise the wrapped exception manually. We already check if the response status is 400 or higher above.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ok I was considering this, these options: given existing use of this code (used in both the config flow or generally for the auth impls token refresh), I was hesitant to introduce a new exception. Re throwing an siohttp exception could work but seems rare in this code base (and one param to the constructor may be hard to get or would be faked). I considered splitting the two token request use cases here into two calls as well or slightly changing the API to return a response and handle exceptions in the caller. Thoughts?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think it would be ok to raise a new exception since we didn't catch any exception in the helper before and we haven't documented any expectations about that yet.
We can add it to the helper and update existing integrations, update or add an example in the docs and make a dev blog for custom integrations.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The case I am worried about is where this function is called for normal token refresh and integrations catch aiohttp exceptions directly, like on async setup, outside of config flow.
We could also upgrade all those code paths with more explicit oauth exceptions if we want to fully solve this.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The token refresh is handled by the Home Assistant oauth session so we can decide what exceptions should be handled by callers of that api.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I suggest we go ahead with this PR and then improve and add the new exception separately.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I updated all the integrations where there is a config flow that depends on the oauth flow and added the strings. (see pr description for the method used).
There are still some tests failing. I don't think all of them are due to daylight saving. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks!
…03157) * Improve OAuth error handling in configuration flows * Update strings for all integrations that use oauth2 config flow * Remove invalid_auth strings * Revert change to release * Revert close change in aiohttp mock
Proposed change
Improve OAuth error handling in configuration flows as a follow up for the types of errors hanlded in #103131 that are currently unhandled in integrations. Today these are surfaced often as empty dialog boxes without friendly error messages.
The logic for parsing the error string comes from https://www.oauth.com/oauth2-servers/access-tokens/access-token-response/ under "Unsuccessful Response".
I have a few requests for feedback:
_token_request
function raisesClientResponseError
without this detail. For now i'm just logging the error, but if you have suggestions for how to raise with this let me knowThe existing code
oauth2_timeout
does not currently have translations properly configured anywhere and needs to also be fixed when fixing these other codes.Method for updating strings:
Where
fix.py
is the following:Type of change
Additional information
Checklist
black --fast homeassistant tests
)If user exposed functionality or configuration variables are added/changed:
If the code communicates with devices, web services, or third-party tools:
Updated and included derived files by running:
python3 -m script.hassfest
.requirements_all.txt
.Updated by running
python3 -m script.gen_requirements_all
..coveragerc
.To help with the load of incoming pull requests: