Fix oauth2Config.Exchange error reporting (#3003)

mrvanes · web-flow · commit b6d4c62eddbc · 2023-08-28T15:35:53.000-07:00
diff --git a/pkg/auth/idp/oauth2/provider.go b/pkg/auth/idp/oauth2/provider.go
@@ -323,13 +323,13 @@ func (client *Provider) VerifyIdentity(ctx context.Context, code, state, roleARN
 	getWebTokenExpiry := func() (*credentials.WebIdentityToken, error) {
 		customCtx := context.WithValue(ctx, oauth2.HTTPClient, client.provHTTPClient)
 		oauth2Token, err := client.oauth2Config.Exchange(customCtx, code)
-		client.RefreshToken = oauth2Token.RefreshToken
 		if err != nil {
 			return nil, err
 		}
 		if !oauth2Token.Valid() {
 			return nil, errors.New("invalid token")
 		}
+		client.RefreshToken = oauth2Token.RefreshToken
 
 		expiration := token.GetConsoleSTSDuration()
 		if exp := getIDPTokenExpiration(); exp > 0 {

Original file line number	Diff line number	Diff line change
`@@ -323,13 +323,13 @@ func (client *Provider) VerifyIdentity(ctx context.Context, code, state, roleARN`
`323`	`323`	`getWebTokenExpiry := func() (*credentials.WebIdentityToken, error) {`
`324`	`324`	`customCtx := context.WithValue(ctx, oauth2.HTTPClient, client.provHTTPClient)`
`325`	`325`	`oauth2Token, err := client.oauth2Config.Exchange(customCtx, code)`
`326`		`- client.RefreshToken = oauth2Token.RefreshToken`
`327`	`326`	`if err != nil {`
`328`	`327`	`return nil, err`
`329`	`328`	`}`
`330`	`329`	`if !oauth2Token.Valid() {`
`331`	`330`	`return nil, errors.New("invalid token")`
`332`	`331`	`}`
	`332`	`+ client.RefreshToken = oauth2Token.RefreshToken`
`333`	`333`
`334`	`334`	`expiration := token.GetConsoleSTSDuration()`
`335`	`335`	`if exp := getIDPTokenExpiration(); exp > 0 {`