Description
Describe the bug
Fetching user info (FetchUserInfo) with an expired refresh token returns a string error with JSON inside. The problem is - it's super generic and, compared to the audit logs in the Logto dashboard, it provides 0 explanation as to what is happening and how to handle it.
core/parse_response.go contains the parseDataFromResponse function, which returns:
fmt.Errorf("unexpected status code: %d, response body: %s", response.StatusCode, body)
unexpected status code: 400, response body: {\"code\":\"oidc.invalid_grant\",\"message\":\"Grant request is invalid.\",\"error_uri\":\"https://openid.sh/debug/invalid_grant\",\"error\":\"invalid_grant\",\"error_description\":\"grant request is invalid\"}"}
This essentially produces a 500 error on my end because I can't use errors.Is (like with ErrNotAuthenticated), and even with string matching there's no relevant info with which I can make a good UX decision.
I'm not an expert with Logto/OIDC and all that, but it feels like I can't just assume that this means an expired refresh token as the error article says it can mean a bunch of things.
So how do I approach this?
Expected behavior
Errors that the SDK produces should be handleable; this is especially relevant for errors that the SDK consumer can convert into user actions (i.e. re-login).
How to reproduce?
Call FetchUserInfo with an expired refresh token.
Environment
Self-hosted (Docker image)
Screenshots
No response
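As an added example (not code from the Logto Go SDK or from the issue author), here is one way the expected behavior could look in Go: decode the JSON error body into a typed error so that consumers can use errors.Is / errors.As instead of string matching, and fall back to the generic string error when the body is not an OIDC error object. The OIDCError type, the ErrInvalidGrant sentinel and the parseErrorResponse / needsReLogin helpers are hypothetical names chosen for this illustration.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// OIDCError is a hypothetical typed error (not part of the Logto SDK) that
// keeps the fields of an OIDC error body instead of flattening them into
// a string, so consumers can use errors.As and errors.Is on it.
type OIDCError struct {
	StatusCode       int
	Code             string `json:"code"`
	Err              string `json:"error"`
	ErrorDescription string `json:"error_description"`
}

func (e *OIDCError) Error() string {
	return fmt.Sprintf("oidc error (status %d) %s: %s", e.StatusCode, e.Err, e.ErrorDescription)
}

// ErrInvalidGrant is a sentinel; OIDCError.Is makes errors.Is match it
// whenever the provider reported error=invalid_grant.
var ErrInvalidGrant = errors.New("oidc: invalid_grant")

func (e *OIDCError) Is(target error) bool {
	return target == ErrInvalidGrant && e.Err == "invalid_grant"
}

// parseErrorResponse shows what a parseDataFromResponse-style helper could
// return for a non-2xx status: the decoded OIDC error, or the generic
// string error when the body is not a JSON error object.
func parseErrorResponse(statusCode int, body []byte) error {
	if statusCode >= 200 && statusCode < 300 {
		return nil
	}
	var oe OIDCError
	if err := json.Unmarshal(body, &oe); err != nil || oe.Err == "" {
		return fmt.Errorf("unexpected status code: %d, response body: %s", statusCode, body)
	}
	oe.StatusCode = statusCode
	return &oe
}

// needsReLogin is the UX decision the issue asks for: an invalid_grant
// answer means the refresh token is unusable and the user must sign in again.
func needsReLogin(err error) bool { return errors.Is(err, ErrInvalidGrant) }

func main() { fmt.Println(needsReLogin(parseErrorResponse(400, []byte(`{"code":"oidc.invalid_grant","error":"invalid_grant","error_description":"grant request is invalid"}`)))) }
```

The constructed body in main mirrors the shape of the response quoted in the issue; other OIDC error codes and non-JSON bodies deliberately do not match the sentinel.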