Description
Checklist:
- I am using the latest release
- I searched for existing GitHub issues
- I read the documentation
- I verified the client configuration matches the information in the identity provider (or I am using dynamic client registration)
- I am either using a custom URI scheme or https with App Links for client redirect.
- I can reproduce the issue in the demo app (optional)
Configuration
- Version: 0.11.1
- Integration: Kotlin
- Identity provider: Not sure but also not relevant for this bug.
Issue Description
The AuthorizationException.java file contains nested classes that represent the different types of errors that can be thrown by the AppAuth Android library. One of those types is AuthorizationRequestErrors and one of the subtypes of AuthorizationRequestErrors is STATE_MISMATCH. (Here is a permalink to the relevant line of code.) AuthorizationRequestErrors are supposed to use error codes in the range 1000 to 1999 (at least if I understood the code comment on line 224 correctly) but AuthorizationRequestErrors.STATE_MISMATCH uses code 9. Also, all other errors in the AuthorizationRequestErrors class use the function authEx while AuthorizationRequestErrors.STATE_MISMATCH uses generalEx. AuthorizationRequestErrors.STATE_MISMATCH also isn't part of the AuthorizationRequestErrors.STRING_TO_EXCEPTION Map and therefore can't be returned by the AuthorizationRequestErrors.byString(String) function.
To make things even worse, there is another error type that also uses the code 9 and the function generalEx. That other error type is GeneralErrors.ID_TOKEN_VALIDATION_ERROR. And because of how the equals function is implemented for AuthorizationException, exceptions of these 2 different types would be considered equal.
All of the things mentioned above make it unnecessarily hard to correctly detect the error AuthorizationRequestErrors.STATE_MISMATCH. If possible I would like this error to either be removed or to be changed to make it easier to detect.
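A self-contained Kotlin model of the collision described in this issue, added here as an illustration and not taken from the AppAuth source or from the reporter. `AuthEx`, the numeric type constant, the description strings, `findCollisions` and `outOfRange` are stand-ins assumed for the example; it shows why an equality check cannot isolate STATE_MISMATCH and how a check over the constants flags the shared (type, code) pair and the out-of-range code.

```kotlin
// Stand-in for AuthorizationException, reduced to the fields this issue discusses.
class AuthEx(val type: Int, val code: Int, val description: String) {
    // Equality on (type, code) only, which is the behaviour the issue describes.
    override fun equals(other: Any?) =
        other is AuthEx && type == other.type && code == other.code
    override fun hashCode() = 31 * type + code
}

const val TYPE_GENERAL = 0 // assumed value for the type that generalEx assigns

fun generalEx(code: Int, description: String) = AuthEx(TYPE_GENERAL, code, description)

// Constructed descriptions; the library's real strings are not quoted in the issue.
val ID_TOKEN_VALIDATION_ERROR = generalEx(9, "constructed: ID token validation failed")
val STATE_MISMATCH = generalEx(9, "constructed: state did not match")

/** Groups named constants by (type, code) and keeps only pairs shared by several names. */
fun findCollisions(constants: Map<String, AuthEx>): Map<Pair<Int, Int>, List<String>> =
    constants.entries
        .groupBy({ it.value.type to it.value.code }, { it.key })
        .filterValues { it.size > 1 }

/** Names under `prefix` whose code falls outside the range reserved for that class. */
fun outOfRange(constants: Map<String, AuthEx>, prefix: String, range: IntRange): List<String> =
    constants.filter { it.key.startsWith(prefix) && it.value.code !in range }.keys.toList()

fun main() {
    val constants = mapOf(
        "GeneralErrors.ID_TOKEN_VALIDATION_ERROR" to ID_TOKEN_VALIDATION_ERROR,
        "AuthorizationRequestErrors.STATE_MISMATCH" to STATE_MISMATCH,
    )
    // `when` compares with equals(), so a state mismatch takes the first branch.
    val handled = when (STATE_MISMATCH) {
        ID_TOKEN_VALIDATION_ERROR -> "handled as ID token validation error"
        else -> "handled as state mismatch"
    }
    println(handled)
    // Reports the (type, code) pair that both constants share.
    println(findCollisions(constants))
    // Reports the request error whose code is outside 1000..1999.
    println(outOfRange(constants, "AuthorizationRequestErrors.", 1000..1999))
}
```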