Merge pull request #75 from mikebronner/fix/49-handle-apple-server-errors

fix(auth): Handle Apple server errors (5xx) gracefully

Author: mikebronner

src/Providers/SignInWithAppleProvider.php

@@ -5,6 +5,7 @@
 use GeneaLabs\LaravelSignInWithApple\Exceptions\InvalidRedirectUrlException;
 use GeneaLabs\LaravelSignInWithApple\Exceptions\InvalidAppleCredentialsException;
 use GuzzleHttp\Exception\ClientException;
+use GuzzleHttp\Exception\ServerException;
 use Illuminate\Support\Arr;
 use Laravel\Socialite\Two\AbstractProvider;
 use Laravel\Socialite\Two\InvalidStateException;
@@ -108,34 +109,11 @@ public function getAccessTokenResponse($code)
             return parent::getAccessTokenResponse($code);
         } catch (ClientException $e) {
             $this->handleTokenError($e);
+        } catch (ServerException $e) {
+            $this->handleServerError($e);
         }
     }
 
-    public function getAccessToken($code)
-    {
-        $response = $this->getHttpClient()
-            ->post(
-                $this->getTokenUrl(),
-                [
-                    'headers' => [
-                        'Authorization' => 'Basic '. base64_encode(
-                            $this->clientId . ':' . $this->clientSecret
-                        ),
-                    ],
-                    'body' => $this->getTokenFields($code),
-                ]
-            );
-
-        return $this->parseAccessToken($response->getBody());
-    }
-
-    protected function parseAccessToken($response)
-    {
-        $data = $response->json();
-
-        return $data['access_token'];
-    }
-
     protected function getTokenFields($code)
     {
         $fields = parent::getTokenFields($code);
@@ -206,6 +184,28 @@ protected function mapUserToObject(array $user)
             ]);
     }
 
+    /**
+     * Handle a ServerException (5xx) from the Apple token endpoint.
+     *
+     * Apple's servers occasionally return 500 errors. This wraps them
+     * in a descriptive exception so apps can handle them gracefully.
+     *
+     * @throws \RuntimeException
+     */
+    protected function handleServerError(ServerException $exception): never
+    {
+        $statusCode = $exception->getResponse()->getStatusCode();
+
+        throw new \RuntimeException(
+            "Apple Sign In is temporarily unavailable (HTTP {$statusCode}). "
+            . 'Apple\'s authentication servers returned a server error. '
+            . 'This is typically a temporary issue on Apple\'s side. '
+            . 'Please try again in a few minutes.',
+            $statusCode,
+            $exception,
+        );
+    }
+
     /**
      * Handle a ClientException from the Apple token endpoint.
      *

tests/Unit/ServerErrorHandlingTest.php

@@ -0,0 +1,62 @@
+<?php
+
+namespace GeneaLabs\LaravelSignInWithApple\Tests\Unit;
+
+use GeneaLabs\LaravelSignInWithApple\Providers\SignInWithAppleProvider;
+use GeneaLabs\LaravelSignInWithApple\Tests\UnitTestCase;
+use GuzzleHttp\Exception\ServerException;
+use GuzzleHttp\Psr7\Response;
+use Illuminate\Http\Request;
+use ReflectionMethod;
+
+class ServerErrorHandlingTest extends UnitTestCase
+{
+    protected function makeProvider(): SignInWithAppleProvider
+    {
+        return new SignInWithAppleProvider(
+            Request::create('/'),
+            'test-client-id',
+            'test-client-secret',
+            'https://example.com/callback'
+        );
+    }
+
+    public function testHandles500ServerError(): void
+    {
+        $provider = $this->makeProvider();
+
+        $response = new Response(500, [], 'Internal Server Error');
+        $exception = new ServerException('Server error', new \GuzzleHttp\Psr7\Request('POST', '/'), $response);
+
+        $method = new ReflectionMethod($provider, 'handleServerError');
+        $method->setAccessible(true);
+
+        try {
+            $method->invoke($provider, $exception);
+            $this->fail('Expected RuntimeException');
+        } catch (\RuntimeException $e) {
+            $this->assertStringContainsString('temporarily unavailable', $e->getMessage());
+            $this->assertStringContainsString('500', $e->getMessage());
+            $this->assertSame($exception, $e->getPrevious());
+        }
+    }
+
+    public function testHandles503ServiceUnavailable(): void
+    {
+        $provider = $this->makeProvider();
+
+        $response = new Response(503, [], 'Service Unavailable');
+        $exception = new ServerException('Server error', new \GuzzleHttp\Psr7\Request('POST', '/'), $response);
+
+        $method = new ReflectionMethod($provider, 'handleServerError');
+        $method->setAccessible(true);
+
+        try {
+            $method->invoke($provider, $exception);
+            $this->fail('Expected RuntimeException');
+        } catch (\RuntimeException $e) {
+            $this->assertStringContainsString('503', $e->getMessage());
+            $this->assertStringContainsString('try again', $e->getMessage());
+        }
+    }
+}