golang/oauth2/stsexchange: error handling enhancement proposal

[olefirenque]

Hello!

The standard implementation of client_credentials grant_type uses a RetrieveError, which is really useful because it provides the raw response body and error code.

oauth2/token.go

Lines 184 to 198 in 3e64809

	// RetrieveError is the error returned when the token endpoint returns a
	// non-2XX HTTP status code or populates RFC 6749's 'error' parameter.
	// https://datatracker.ietf.org/doc/html/rfc6749#section-5.2
	type RetrieveError struct {
	Response *http.Response
	// Body is the body that was consumed by reading Response.Body.
	// It may be truncated.
	Body []byte
	// ErrorCode is RFC 6749's 'error' parameter.
	ErrorCode string
	// ErrorDescription is RFC 6749's 'error_description' parameter.
	ErrorDescription string
	// ErrorURI is RFC 6749's 'error_uri' parameter.
	ErrorURI string
	}

As I noticed, the stsexchange implementation wraps the raw error message, which makes it difficult to properly handle custom errors from different OIDC providers.

oauth2/google/internal/stsexchange/sts_exchange.go

Lines 89 to 91 in 3e64809

	if c := resp.StatusCode; c < 200 || c > 299 {
	return nil, fmt.Errorf("oauth2/google: status code %d: %s", c, body)
	}

It would be great if stsexchange wrapped errors the same way client_credentials do.

[codyoss]

Would you mind raising an issue on https://github.com/googleapis/google-cloud-go instead. This package google package is slowly being phased out in favor of https://pkg.go.dev/cloud.google.com/go/auth/credentials

[olefirenque]

Sure, I can bring this up, but I would like to point out that in my case I use both client_credentials and token-exchange from oauth2 (I don't actually use any Google cloud infrastructure). It would be more convenient to use this enhancement here, since it allows to handle token issuance errors in a more general way (in particular, they will have a common type for the error).

Can the attached MR still be considered?

[codyoss]

(I don't actually use any Google cloud infrastructure)

Your PR and issue mention the google sub-directory that is used for Google clients. This package will soon be deprecated in favor of the one I liked above. We don't plan on adding any more features to this google package at this time.