-
Notifications
You must be signed in to change notification settings - Fork 754
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
AbstractProvider::getParsedResponse
should always return array or throw exception
#626
Comments
Hey, any thoughts on this? |
Failing for me too as a knock on effect of upgrading guzzle. |
Was this fixed by #621? |
@shadowhand Technically - yes. But logically it'd be better to throw an exception despite of http response code. With this code we still can not guarantee Anyway, it's better than nothing. |
I'm open to additional PR(s) to improve the behavior. |
SOLVED --- I'm running into the same problem. Strangely enough I've got two clients running. One in a plugin in a MODX environment which seems to be working perfectly fine. The other one is in a Magento environment and bothers me about the string given in stead of string. They are both hooked up to the same Laravel Passport OAuth 2 server.
Whenever I try to access the page I'm redirected to the login screen. Then I log in and I click authorize when prompted for authorisation. When I'm redirected back again I get the before mentioned error. As far as I can check the config values seem to check out. The response object I get back from EDIT: My server is giving out auth codes. Just not access tokens. EDIT 2: Client error: Actually managed to solve the problem. Turns out that I was trying to approach one virtual machine from another. That won't work and it'll return a 404 indeed :) Shouldn't be doing this kinda stuff on a friday afternoon. :D |
A very similar problem occurs with the getResourceOwner API. If the response from the OAUTH2 server does not include a JSON response the library will throw a TypeError Exception.
|
I've added #636 which fixes the issue I described above. |
Personally I'm not in favor of how this was handled in #636. This error can and will also happen (just did to me) if the OAuth provider goes down and returns 501-522 HTTP codes, invalid body or not. The check in AbstractProvider.php only handles 500 responses, and the Something along the lines of this would be a lot more developer friendly (it's a snippet from a class I'm writing to support a provider)
I'd be much more happier to see this implemented properly in the library, because it gives direct access to the response object to anything higher up that tries to catch it, opening up more possibilities for debugging purposes. I would submit a PR but I'm not sure how to best integrate storing and getting the extra variable required for the instantiation of |
The correct solution would be for try {
$response = $provider->getResponse($request);
} catch (UnexpectedValueException $e) {
$request = $e->getPrevious()->getRequest();
$response = $e->getPrevious()->getResponse();
} This would eliminate the need to have |
I've similarly extended and overridden my Provider locally in my application in order to handle HTTP 204 Responses which by design return a blank Response Body and throw the
Full overridden method:
Not super sexy, but it works. |
I've tagged release 2.3.0, which includes the changes from #636. It sounds like those changes might have addressed some of the issues, but @SeinopSys, @shadowhand, and @PeterDKC had some follow-up thoughts. What's remaining to close out this issue? |
My main concern still remains: The |
Just for info, I saw this when the oauth server was equipped with http basic auth. |
I am getting the same error, I have made my own OAuth2 server, using /bshaffer/oauth2-server-php, and this is the response I get if I echo the response on line 530 (in the AbstractProvider::getAccessToken() function): HTTP/1.1 200 OK Cache-Control: no-store Content-Type: application/json Pragma: no-cache {"access_token":"XXX","expires_in":3600,"token_type":"Bearer","scope":null,"refresh_token":"XXX"} This does not get parsed properly. AFAIK this is exactly how an OAuth2 response should look like? My ugly quick fix for now is to add this to the parseResponse function preg_match("/{.*}/",$content,$arr); where $arr[0] givesme exactly what I need, the JSON content only. |
Same here, too. Version 2.3.0 on PHP 7.2. The OAuth Server on the other end sends a error string, which goes into prepareAccessTokenResponse without hesitation, which in turn just fails with the exception the thread owner stated in his very first sentence. |
As this issue is still open, I'd like to raise some concern and share my thought.
I assume the intended task of parseResponse() is to correctly parse the response body and return it. Currently, parseResponse is able to parse urlencoded or valid json body. In general, the result of a json parsing does not need to be an array. It could even be null, empty string, integer, etc. So the value of $parsed can be of different type, which I don't really care much. It is up to the calling function to correctly handle that value.
The @return array type hint is surely wrong. The problem with current implementation of parseResponse() is that it throws an exception which does not help much in the calling function if the response body cannot be parsed as JSON. This includes body having empty string as value. protected $mayThrowResponseParsingException = false; which can be used to control the behavior of parseResponse().
` |
I submitted PR #825 which implements that suggestion above |
Imo it should have thrown an exception currently i can't see what kind of errors appear |
It happens because
AbstractProvider::getParsedResponse
returns string when content can't be parsed.Attention to docs — "return mixed". It can not return "mixed" (though actually it is), because the result goes to
prepareAccessTokenResponse
which receives array only.Docs say
param mixed $result
(was changed here 365e61c with no visible reason), but typehint saysarray $result
.And the last thing — where mixed comes from?
return array
— one more lie here. Look at the catch block: value is considered unexpected only if type was "expected" — wut? Otherwise$content
is returned, which is string. This was called fallback on failure.So, long story short
array
typehintI haven't done PR because I don't know what's the right solution in this situation. We should respect BC, I understand. But I'd just throw an exception despite any other condition: we tried to do something and failed — there is nothing we can do with it later.
The text was updated successfully, but these errors were encountered: