New checks for "invalid_grant" and "access_denied" error together with ""Token is not active"", "Invalid bearer token" and "not_authorized" descriptions

CHANGELOG.md

@@ -2,6 +2,9 @@ This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.htm
 
 # Changelog for "oidc-library"
 
+## [v1.1.1]
+- New checks for "invalid_grant" and "access_denied" error together with ""Token is not active"", "Invalid bearer token" and "not_authorized" descriptions (#20407)
+
 ## [v1.1.0]
 - Added avatar configuration and retrieve helper methods (#19726)
 

pom.xml

@@ -13,7 +13,8 @@
 
 	<groupId>org.gcube.common</groupId>
 	<artifactId>oidc-library</artifactId>
-	<version>1.1.0</version>
+	<version>1.1.1</version>
+
 	<dependencyManagement>
 		<dependencies>
 			<dependency>
@@ -25,11 +26,13 @@
 			</dependency>
 		</dependencies>
 	</dependencyManagement>
-    <scm>
-        <connection>scm:git:https://code-repo.d4science.org/gCubeSystem/${project.artifactId}.git</connection>
-        <developerConnection>scm:git:https://code-repo.d4science.org/gCubeSystem/${project.artifactId}.git</developerConnection>
-        <url>https://code-repo.d4science.org/gCubeSystem/${project.artifactId}</url>
-    </scm>
+
+	<scm>
+		<connection>scm:git:https://code-repo.d4science.org/gCubeSystem/${project.artifactId}.git</connection>
+		<developerConnection>scm:git:https://code-repo.d4science.org/gCubeSystem/${project.artifactId}.git</developerConnection>
+		<url>https://code-repo.d4science.org/gCubeSystem/${project.artifactId}</url>
+	</scm>
+
 	<dependencies>
 		<dependency>
 			<groupId>org.slf4j</groupId>
@@ -54,5 +57,7 @@
 			<scope>test</scope>
 		</dependency>
 	</dependencies>
+
 	<build />
+
 </project>

src/main/java/org/gcube/oidc/rest/OpenIdConnectRESTHelper.java

@@ -30,8 +30,11 @@ public class OpenIdConnectRESTHelper {
 
     private static final String RESPONSE_ERROR_KEY = "error";
     private static final String RESPONSE_ERROR_INVALID_GRANT = "invalid_grant";
+    private static final String RESPONSE_ERROR_ACCESS_DENIED = "access_denied";
     private static final String RESPONSE_ERROR_DESCRIPTION_KEY = "error_description";
-    private static final String RESPONSE_ERROR_MESSAGE_TINA = "Token is not active";
+    private static final String RESPONSE_ERROR_DESCRIPTION_TINA = "Token is not active";
+    private static final String RESPONSE_ERROR_DESCRIPTION_IBT = "Invalid bearer token";
+    private static final String RESPONSE_ERROR_DESCRIPTION_NOT_AUTHORIZED = "not_authorized";
 
     public static String buildLoginRequestURL(URL loginURL, String clientId, String state, String redirectURI)
             throws UnsupportedEncodingException {
@@ -294,14 +297,30 @@ public class OpenIdConnectRESTHelper {
         return null;
     }
 
-    public static boolean isTokenNotActiveError(String jsonString) {
+    protected static boolean matchesErrorAndDescription(String jsonString, String expectedError,
+            String exepectedErrorDescription) {
+
         try {
             JSONObject json = (JSONObject) new JSONParser().parse(jsonString);
-            return RESPONSE_ERROR_INVALID_GRANT.equals(json.get(RESPONSE_ERROR_KEY))
-                    && RESPONSE_ERROR_MESSAGE_TINA.equals(json.get(RESPONSE_ERROR_DESCRIPTION_KEY));
+            return expectedError.equals(json.get(RESPONSE_ERROR_KEY))
+                    && (exepectedErrorDescription == null
+                            || exepectedErrorDescription.equals(json.get(RESPONSE_ERROR_DESCRIPTION_KEY)));
         } catch (ParseException e) {
             // Is an unparseable JSON
         }
         return false;
     }
+
+    public static boolean isTokenNotActiveError(String jsonString) {
+        return matchesErrorAndDescription(jsonString, RESPONSE_ERROR_INVALID_GRANT, RESPONSE_ERROR_DESCRIPTION_TINA);
+    }
+
+    public static boolean isInvalidBearerTokenError(String jsonString) {
+        return matchesErrorAndDescription(jsonString, RESPONSE_ERROR_INVALID_GRANT, RESPONSE_ERROR_DESCRIPTION_IBT);
+    }
+
+    public static boolean isAccessDeniedNotAuthorizedError(String jsonString) {
+        return matchesErrorAndDescription(jsonString, RESPONSE_ERROR_ACCESS_DENIED,
+                RESPONSE_ERROR_DESCRIPTION_NOT_AUTHORIZED);
+    }
 }