From 1fb2b2408edbf69bd1c674e7bd5450bd5238bfe8 Mon Sep 17 00:00:00 2001 From: Mauro Mugnaini Date: Mon, 11 Jan 2021 16:04:18 +0100 Subject: [PATCH] New checks for "invalid_grant" and "access_denied" error together with ""Token is not active"", "Invalid bearer token" and "not_authorized" descriptions --- CHANGELOG.md | 3 +++ pom.xml | 17 +++++++----- .../oidc/rest/OpenIdConnectRESTHelper.java | 27 ++++++++++++++++--- 3 files changed, 37 insertions(+), 10 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index b23ea99..52242f7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,9 @@ This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.htm # Changelog for "oidc-library" +## [v1.1.1] +- New checks for "invalid_grant" and "access_denied" error together with ""Token is not active"", "Invalid bearer token" and "not_authorized" descriptions (#20407) + ## [v1.1.0] - Added avatar configuration and retrieve helper methods (#19726) diff --git a/pom.xml b/pom.xml index b3110d2..2ea1c0d 100644 --- a/pom.xml +++ b/pom.xml @@ -13,7 +13,8 @@ org.gcube.common oidc-library - 1.1.0 + 1.1.1 + @@ -25,11 +26,13 @@ - - scm:git:https://code-repo.d4science.org/gCubeSystem/${project.artifactId}.git - scm:git:https://code-repo.d4science.org/gCubeSystem/${project.artifactId}.git - https://code-repo.d4science.org/gCubeSystem/${project.artifactId} - + + + scm:git:https://code-repo.d4science.org/gCubeSystem/${project.artifactId}.git + scm:git:https://code-repo.d4science.org/gCubeSystem/${project.artifactId}.git + https://code-repo.d4science.org/gCubeSystem/${project.artifactId} + + org.slf4j @@ -54,5 +57,7 @@ test + + \ No newline at end of file diff --git a/src/main/java/org/gcube/oidc/rest/OpenIdConnectRESTHelper.java b/src/main/java/org/gcube/oidc/rest/OpenIdConnectRESTHelper.java index 591d1f6..b95d125 100644 --- a/src/main/java/org/gcube/oidc/rest/OpenIdConnectRESTHelper.java +++ b/src/main/java/org/gcube/oidc/rest/OpenIdConnectRESTHelper.java 
@@ -30,8 +30,11 @@ public class OpenIdConnectRESTHelper {
 
 private static final String RESPONSE_ERROR_KEY = "error";
 private static final String RESPONSE_ERROR_INVALID_GRANT = "invalid_grant";
+ private static final String RESPONSE_ERROR_ACCESS_DENIED = "access_denied";
 private static final String RESPONSE_ERROR_DESCRIPTION_KEY = "error_description";
- private static final String RESPONSE_ERROR_MESSAGE_TINA = "Token is not active";
+ private static final String RESPONSE_ERROR_DESCRIPTION_TINA = "Token is not active";
+ private static final String RESPONSE_ERROR_DESCRIPTION_IBT = "Invalid bearer token";
+ private static final String RESPONSE_ERROR_DESCRIPTION_NOT_AUTHORIZED = "not_authorized";
 
 public static String buildLoginRequestURL(URL loginURL, String clientId, String state, String redirectURI)
 throws UnsupportedEncodingException {
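Review bot: The three `RESPONSE_ERROR_DESCRIPTION_*` constants are matched with `equals` against the `error_description` field in the later hunk of this file, and RFC 6749 defines that field as human-readable text for the client developer rather than a stable code. A wording change on the identity provider would make the predicates return false without any signal to the caller. A comment above the block should record the dependency, for example `// error_description values are matched literally; re-verify against the IdP on every upgrade`. The abbreviations `TINA` and `IBT` are hard to decode out of context; `TOKEN_NOT_ACTIVE` and `INVALID_BEARER_TOKEN` would sit better next to `NOT_AUTHORIZED`.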
@@ -294,14 +297,30 @@ public class OpenIdConnectRESTHelper {
 return null;
 }
 
- public static boolean isTokenNotActiveError(String jsonString) {
+ protected static boolean matchesErrorAndDescription(String jsonString, String expectedError,
+ String exepectedErrorDescription) {
+
 try {
 JSONObject json = (JSONObject) new JSONParser().parse(jsonString);
- return RESPONSE_ERROR_INVALID_GRANT.equals(json.get(RESPONSE_ERROR_KEY))
- && RESPONSE_ERROR_MESSAGE_TINA.equals(json.get(RESPONSE_ERROR_DESCRIPTION_KEY));
+ return expectedError.equals(json.get(RESPONSE_ERROR_KEY))
+ && (exepectedErrorDescription == null
+ || exepectedErrorDescription.equals(json.get(RESPONSE_ERROR_DESCRIPTION_KEY)));
 } catch (ParseException e) {
 // Is an unparseable JSON
 }
 return false;
 }
+
+ public static boolean isTokenNotActiveError(String jsonString) {
+ return matchesErrorAndDescription(jsonString, RESPONSE_ERROR_INVALID_GRANT, RESPONSE_ERROR_DESCRIPTION_TINA);
+ }
+
+ public static boolean isInvalidBearerTokenError(String jsonString) {
+ return matchesErrorAndDescription(jsonString, RESPONSE_ERROR_INVALID_GRANT, RESPONSE_ERROR_DESCRIPTION_IBT);
+ }
+
+ public static boolean isAccessDeniedNotAuthorizedError(String jsonString) {
+ return matchesErrorAndDescription(jsonString, RESPONSE_ERROR_ACCESS_DENIED,
+ RESPONSE_ERROR_DESCRIPTION_NOT_AUTHORIZED);
+ }
 }
\ No newline at end of file
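Review bot: `matchesErrorAndDescription` catches only `ParseException`, so the unchecked cast `(JSONObject) new JSONParser().parse(jsonString)` throws `ClassCastException` when the body is valid JSON but not an object (an array or a bare string, for instance), and a null `jsonString` or `expectedError` is likely to surface as a `NullPointerException`. The cast was already in the old `isTokenNotActiveError`, but three public predicates now depend on it, and they classify a response body the caller does not control, so they should return `false` rather than throw. I would parse into `Object parsed = new JSONParser().parse(jsonString);` and add `if (!(parsed instanceof JSONObject)) return false;` before reading the keys, with a null guard on `jsonString` at the top. The parameter name `exepectedErrorDescription` is also misspelled, and the helper would benefit from a Javadoc line stating that a null description means the match is on the error code alone.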