Android app crash on empty refresh token - no exception is thrown
spekary opened this issue · 3 comments
Using version 4.2.0 of flutter_appauth on Samsung Galaxy 7 with OS 12.
To Reproduce:
- Set up a server that is misconfigured and will return a refresh_token of empty string when responding to the token endpoint.
- Call appAuth.authorize() followed by appAuth.token() on the server, but surround the call with a try-catch block. Run this on Android.
Result:
App shuts down with FATAL EXCEPTION error as follows:
```
E/AndroidRuntime(17080): java.lang.IllegalArgumentException: refresh token must not be empty if defined
E/AndroidRuntime(17080): at net.openid.appauth.Preconditions.checkArgument(Preconditions.java:116)
E/AndroidRuntime(17080): at net.openid.appauth.Preconditions.checkNotEmpty(Preconditions.java:68)
E/AndroidRuntime(17080): at net.openid.appauth.Preconditions.checkNullOrNotEmpty(Preconditions.java:89)
E/AndroidRuntime(17080): at net.openid.appauth.TokenResponse$Builder.setRefreshToken(TokenResponse.java:305)
E/AndroidRuntime(17080): at net.openid.appauth.TokenResponse$Builder.fromResponseJson(TokenResponse.java:222)
E/AndroidRuntime(17080): at net.openid.appauth.AuthorizationService$TokenRequestTask.onPostExecute(AuthorizationService.java:688)
E/AndroidRuntime(17080): at net.openid.appauth.AuthorizationService$TokenRequestTask.onPostExecute(AuthorizationService.java:579)
E/AndroidRuntime(17080): at android.os.AsyncTask.finish(AsyncTask.java:771)
E/AndroidRuntime(17080): at android.os.AsyncTask.access$900(AsyncTask.java:199)
E/AndroidRuntime(17080): at android.os.AsyncTask$InternalHandler.handleMessage(AsyncTask.java:788)
E/AndroidRuntime(17080): at android.os.Handler.dispatchMessage(Handler.java:106)
E/AndroidRuntime(17080): at android.os.Looper.loopOnce(Looper.java:226)
E/AndroidRuntime(17080): at android.os.Looper.loop(Looper.java:313)
E/AndroidRuntime(17080): at android.app.ActivityThread.main(ActivityThread.java:8751)
E/AndroidRuntime(17080): at java.lang.reflect.Method.invoke(Native Method)
E/AndroidRuntime(17080): at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:571)
E/AndroidRuntime(17080): at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:1135)
I/Process (17080): Sending signal. PID: 17080 SIG: 9
```
Expected:
Catch block to be entered.
In other words, server errors should not cause the app to crash.
Thanks for raising this; what you said makes sense. Would you be able to submit a PR that can fix this? Something else to note is that I don't have the resources to set up the scenario you described.
The failure appears to be in the openid code. I will post something there.
I posted an issue, but I am not hopeful. Other issue posters are complaining that openid is not being maintained. If you continue to use it, you might need to import it into this project to fix problems yourself. A difficult issue for sure.
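
The failure pattern visible in the stack trace above, modelled in plain Java as an added example (not code from AppAuth, flutter_appauth or any participant in this thread): a precondition throws an unchecked exception inside the completion step of an async task, so the caller's error path is never used. All class and method names are hypothetical, and a `Map` stands in for the parsed token endpoint JSON.

```java
import java.util.Map;
import java.util.function.BiConsumer;

// Added illustration; class and method names are hypothetical, not AppAuth's API.
public class EmptyRefreshTokenDemo {

    // Mirrors the precondition named in the stack trace: null is allowed, "" is not.
    static String checkNullOrNotEmpty(String value, String message) {
        if (value != null && value.isEmpty()) {
            throw new IllegalArgumentException(message);
        }
        return value;
    }

    // Stand-in for building a token response from the server's parsed JSON fields.
    static Map<String, String> buildResponse(Map<String, String> fields) {
        checkNullOrNotEmpty(fields.get("refresh_token"),
                "refresh token must not be empty if defined");
        return fields;
    }

    // "Before": the completion step builds the response with no guard, so the
    // unchecked exception escapes on the callback thread instead of reaching the caller.
    static void completeUnguarded(Map<String, String> fields,
                                  BiConsumer<Map<String, String>, Exception> callback) {
        callback.accept(buildResponse(fields), null);
    }

    // Hardened: a malformed server response is reported through the error path.
    static void completeGuarded(Map<String, String> fields,
                                BiConsumer<Map<String, String>, Exception> callback) {
        Map<String, String> response;
        try {
            response = buildResponse(fields);
        } catch (IllegalArgumentException ex) {
            callback.accept(null, ex); // caller can now handle it
            return;
        }
        callback.accept(response, null);
    }

    public static void main(String[] args) {
        // Constructed sample: token endpoint reply with an empty refresh_token.
        Map<String, String> reply = Map.of("access_token", "sample-access", "refresh_token", "");
        completeGuarded(reply, (resp, err) ->
                System.out.println(err != null ? "error delivered: " + err.getMessage() : "ok"));
        // Terminates the program with an uncaught IllegalArgumentException.
        completeUnguarded(reply, (resp, err) -> System.out.println("never reached"));
    }
}
```

The guarded variant keeps the callback invocation outside the `try` so that only response-validation failures are converted into errors, not exceptions raised by the caller's own handler.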