Skip to content

Surface OAuth token exchange errors#1922

Merged
Wires77 merged 2 commits into
PathOfBuildingCommunity:devfrom
unrealdreamz:fix/oauth-token-error-status
May 21, 2026
Merged

Surface OAuth token exchange errors#1922
Wires77 merged 2 commits into
PathOfBuildingCommunity:devfrom
unrealdreamz:fix/oauth-token-error-status

Conversation

@unrealdreamz
Copy link
Copy Markdown
Contributor

@unrealdreamz unrealdreamz commented May 19, 2026

Fixes #1045

Summary

  • Preserve OAuth token-exchange errors instead of collapsing them into generic Not authenticated.
  • Show the specific authentication failure in the Import tab when the token request fails.
  • Report OAuth state mismatches as authentication failures instead of silently leaving the login flow pending.
  • Add focused auth callback regressions for token-exchange failures and state mismatches.

Root Cause

PoEAPIClass:FetchAuthToken logged token-exchange errors such as SSL connect error, cleared token state, then called callback() without passing the error. ImportTab therefore had no way to distinguish a real transport/token failure from a normal unauthenticated state and displayed only Not authenticated.

The OAuth state-mismatch path also returned without invoking the callback, which could leave the UI in the temporary logging-in status with no actionable reason.

Fix

FetchAuthToken now follows the same callback shape used elsewhere in PoEAPI: callback(response, errorMsg, updateSettings). Token-exchange failures pass the original errMsg, local auth-code failures preserve their error when available, and state mismatches return OAuth state mismatch.

The Import tab auth callback now displays Authentication failed: <reason> for specific auth failures while preserving the existing generic Not authenticated message for the normal no-auth case.

Validation

  • git diff --check - pass.
  • git diff --cached --check - pass.
  • git show --check --stat --oneline --no-renames HEAD - pass.
  • python/lupa syntax smoke for src/Classes/PoEAPI.lua and spec/System/TestPoEAPIAuth_spec.lua - pass.
  • Added spec/System/TestPoEAPIAuth_spec.lua regressions for token-exchange error propagation and OAuth state mismatch handling.
  • Full Busted/Docker suite not run locally: docker, docker-compose, lua, luajit, and busted are not installed on PATH on this machine.

Risk / Rollback

Risk is low: successful authentication still uses the existing token storage path, and generic no-auth handling is unchanged. The changed failure paths only preserve and display errors that were already known to the client. Rollback is the single commit if maintainers prefer the previous generic status.

@Wires77 Wires77 added pob1 Should also be merged into PoB1 Repo user-interface Changes that only affect the UI labels May 21, 2026
@Wires77 Wires77 merged commit d9c5f7b into PathOfBuildingCommunity:dev May 21, 2026
3 checks passed
@github-actions github-actions Bot mentioned this pull request May 21, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Wires77 Wires77 Wires77 approved these changes

Assignees

No one assigned

Labels

pob1 Should also be merged into PoB1 Repo user-interface Changes that only affect the UI

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

ISSUE importing and authorization

2 participants

@unrealdreamz @Wires77