handling login errors for Okta.

TODO: We may need more general error message mapping between Okta and Stormpath, this is a one off solution

Author: bdemers

extensions/spring/stormpath-spring-security-webmvc/src/main/java/com/stormpath/spring/config/SpringSecurityLoginErrorModelFactory.java

@@ -23,7 +23,8 @@ public class SpringSecurityLoginErrorModelFactory extends AbstractErrorModelFact
     private static final List<String> UNSUCCESSFUL_LOGIN_BACKEND_ERRORS = Arrays.asList(
         "Login attempt failed",
         "Invalid username or password",
-        "Login and password required"
+        "Login and password required",
+        "invalid_grant" // for Okta
     );
 
     @Autowired

extensions/spring/stormpath-spring-security/src/main/java/com/stormpath/spring/security/provider/StormpathAuthenticationProvider.java

@@ -321,7 +321,7 @@ private Account handleUsernamePasswordAuthentication(Authentication authenticati
             account = application.authenticateAccount(request).getAccount();
         } finally {
             //Clear the request data to prevent later memory access
-//            request.clear();
+            request.clear();
         }
 
         return account;

impl/src/main/java/com/stormpath/sdk/impl/authc/OktaAuthNAuthenticator.java

@@ -7,18 +7,21 @@
 import com.stormpath.sdk.application.okta.OktaTokenRequest;
 import com.stormpath.sdk.authc.AuthenticationResult;
 import com.stormpath.sdk.authc.AuthenticationResultVisitor;
+import com.stormpath.sdk.error.Error;
 import com.stormpath.sdk.impl.application.okta.DefaultOktaSigningKeyResolver;
 import com.stormpath.sdk.impl.application.okta.OktaSigningKeyResolver;
 import com.stormpath.sdk.impl.ds.InternalDataStore;
 import com.stormpath.sdk.impl.http.HttpHeaders;
 import com.stormpath.sdk.impl.http.MediaType;
 import com.stormpath.sdk.lang.Assert;
 import com.stormpath.sdk.oauth.AccessTokenResult;
+import com.stormpath.sdk.resource.ResourceException;
 import io.jsonwebtoken.Claims;
 import io.jsonwebtoken.Header;
 import io.jsonwebtoken.Jwt;
 import io.jsonwebtoken.Jwts;
 import io.jsonwebtoken.SigningKeyResolver;
+import org.omg.CORBA.DynAnyPackage.Invalid;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -46,17 +49,7 @@ public OktaAuthNAuthenticator(InternalDataStore dataStore) {
 
     public AuthenticationResult authenticate(DefaultUsernamePasswordRequest request) {
 
-        // hit the oauth token endpoint
-        OktaTokenRequest tokenRequest = this.dataStore.instantiate(OktaTokenRequest.class)
-                .setPassword(new String(request.getCredentials()))
-                .setUsername(request.getPrincipals())
-                .setGrantType("password")
-                .setScope("offline_access");
-
-        HttpHeaders httpHeaders = new HttpHeaders();
-        httpHeaders.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
-
-        final OktaTokenResponse oktaTokenResponse = this.dataStore.create("/oauth2/v1/token", tokenRequest, OktaTokenResponse.class, httpHeaders);
+        final OktaTokenResponse oktaTokenResponse = doAuthRequest(request);
 
         // validate the key we just received
         SigningKeyResolver keyResolver = dataStore.instantiate(OktaSigningKeyResolver.class);
@@ -88,10 +81,7 @@ public Set<String> getScope() {
 
             @Override
             public ApiKey getApiKey() {
-                return ApiKeys.builder()
-                        .setId("foobar")
-                        .setSecret("barfoo")
-                        .build();
+                return null;
             }
 
             @Override
@@ -111,4 +101,56 @@ public String getHref() {
         };
     }
 
+    private OktaTokenResponse doAuthRequest(DefaultUsernamePasswordRequest request) {
+        HttpHeaders httpHeaders = new HttpHeaders();
+        httpHeaders.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
+
+        // hit the oauth token endpoint
+        OktaTokenRequest tokenRequest = this.dataStore.instantiate(OktaTokenRequest.class)
+                .setPassword(new String(request.getCredentials()))
+                .setUsername(request.getPrincipals())
+                .setGrantType("password")
+                .setScope("offline_access");
+
+        try {
+
+            return this.dataStore.create("/oauth2/v1/token", tokenRequest, OktaTokenResponse.class, httpHeaders);
+        }
+        catch (final ResourceException e) {
+
+            throw  new ResourceException(new Error() {
+                @Override
+                public int getStatus() {
+                    return e.getStatus();
+                }
+
+                @Override
+                public int getCode() {
+                    return 0;
+                }
+
+                @Override
+                public String getMessage() {
+                    // TODO: i18n, configure error handler for this type of message?
+                    return "Invalid username or password.";
+                }
+
+                @Override
+                public String getDeveloperMessage() {
+                    return e.getDeveloperMessage();
+                }
+
+                @Override
+                public String getMoreInfo() {
+                    return e.getMoreInfo();
+                }
+
+                @Override
+                public String getRequestId() {
+                    return e.getRequestId();
+                }
+            });
+        }
+    }
+
 }

impl/src/main/java/com/stormpath/sdk/impl/error/OktaError.java

@@ -21,6 +21,7 @@
 import com.stormpath.sdk.impl.resource.ListProperty;
 import com.stormpath.sdk.impl.resource.Property;
 import com.stormpath.sdk.impl.resource.StringProperty;
+import com.stormpath.sdk.lang.Collections;
 
 import java.io.Serializable;
 import java.util.List;
@@ -38,9 +39,10 @@ public class OktaError extends AbstractResource implements Error, Serializable {
     static final StringProperty ERROR_SUMMARY = new StringProperty("errorSummary");
     static final ListProperty ERROR_CAUSES = new ListProperty("errorCauses");
     static final StringProperty ERROR_ID = new StringProperty("errorId");
+    static final StringProperty ERROR = new StringProperty("error");
 
     private static final Map<String, Property> PROPERTY_DESCRIPTORS = createPropertyDescriptorMap(
-        STATUS, ERROR_CODE, ERROR_SUMMARY, ERROR_CAUSES, ERROR_ID
+        STATUS, ERROR_CODE, ERROR_SUMMARY, ERROR_CAUSES, ERROR_ID, ERROR
     );
 
     public OktaError(Map<String, Object> body) {
@@ -70,18 +72,21 @@ public int getCode() {
     @Override
     @SuppressWarnings("unchecked")
     public String getMessage() {
-        List causes = getListProperty(ERROR_CAUSES.getName());
-        return ((Map<String, String>)causes.get(0)).get("errorSummary");
+        return getString(ERROR);
     }
 
     @Override
     public String getDeveloperMessage() {
-        return "";
+        return getString(ERROR);
     }
 
     @Override
     public String getMoreInfo() {
-        return getString(ERROR_SUMMARY);
+        List causes = getListProperty(ERROR_CAUSES.getName());
+        if (!Collections.isEmpty(causes)) {
+            return ((Map<String, String>) causes.get(0)).get("errorSummary");
+        }
+        return getDeveloperMessage();
     }
 
     @Override