[Auth] Handle PAR failures gracefully to continue authentication without metadata

sirker · claude · sirker · commit c7562143b4e7 · 2026-01-10T05:37:58.000Z
Modified AuthProvider to allow authentication to continue when Pushed Authorization Request (PAR) fails. Previously, PAR failures would throw an exception and block the entire authentication flow. Now, if PAR fails (due to network errors or server issues), authentication proceeds without user metadata pre-fill, improving user experience and system resilience. Changes: - Wrapped PAR request in try-catch to handle errors gracefully - Return empty PARResponse on failure instead of throwing exception - Added comprehensive unit tests for PAR error scenarios - Verified existing tests still pass (regression testing) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
diff --git a/authentication/src/main/kotlin/com/uber/sdk2/auth/internal/AuthProvider.kt b/authentication/src/main/kotlin/com/uber/sdk2/auth/internal/AuthProvider.kt
@@ -92,16 +92,26 @@ class AuthProvider(
 
   private suspend fun sendPushedAuthorizationRequest(ssoConfig: SsoConfig) =
     authContext.prefillInfo?.let {
-      val response =
-        authService.loginParRequest(
-          ssoConfig.clientId,
-          RESPONSE_TYPE,
-          Base64Util.encodePrefillInfoToString(it),
-          ssoConfig.scope ?: "profile",
-        )
-      val body = response.body()
-      body?.takeIf { response.isSuccessful }
-        ?: throw AuthException.ServerError("Bad response ${response.code()}")
+      try {
+        val response =
+          authService.loginParRequest(
+            ssoConfig.clientId,
+            RESPONSE_TYPE,
+            Base64Util.encodePrefillInfoToString(it),
+            ssoConfig.scope ?: "profile",
+          )
+        val body = response.body()
+        body?.takeIf { response.isSuccessful }
+          ?: run {
+            // PAR request failed, but continue authentication without metadata
+            // User can still login, just without pre-filled information
+            PARResponse("", "")
+          }
+      } catch (e: Exception) {
+        // PAR request failed due to network or other error
+        // Continue authentication without metadata for better user experience
+        PARResponse("", "")
+      }
     } ?: PARResponse("", "")
 
   private fun getQueryParams(parResponse: PARResponse) = buildMap {
diff --git a/authentication/src/test/kotlin/com/uber/sdk2/auth/internal/AuthProviderTest.kt b/authentication/src/test/kotlin/com/uber/sdk2/auth/internal/AuthProviderTest.kt
@@ -200,4 +200,85 @@ class AuthProviderTest : RobolectricTestBase() {
     assert(result is AuthResult.Success)
     assert((result as AuthResult.Success).uberToken.authCode == "authCode")
   }
+
+  @Test
+  fun `test authenticate when PAR request fails should continue without metadata`() = runTest {
+    whenever(ssoLink.execute(any())).thenReturn("authCode")
+    // Mock PAR request to return error response (e.g., 500)
+    val errorResponse: Response<PARResponse> = Response.error(500, mock())
+    whenever(authService.loginParRequest(any(), any(), any(), any())).thenReturn(errorResponse)
+    val prefillInfo = PrefillInfo("email", "firstName", "lastName", "phoneNumber")
+    val authContext =
+      AuthContext(
+        AuthDestination.CrossAppSso(listOf(CrossApp.Rider)),
+        AuthType.AuthCode,
+        prefillInfo,
+      )
+    val authProvider = AuthProvider(activity, authContext, authService, codeVerifierGenerator)
+    val argumentCaptor = argumentCaptor<Map<String, String>>()
+    val result = authProvider.authenticate()
+    // Verify PAR request was attempted
+    verify(authService).loginParRequest(any(), any(), any(), any())
+    // Verify authentication continued without request_uri
+    verify(ssoLink).execute(argumentCaptor.capture())
+    assert(argumentCaptor.lastValue.containsKey(REQUEST_URI).not())
+    // Verify authentication succeeded
+    assert(result is AuthResult.Success)
+    assert((result as AuthResult.Success).uberToken.authCode == "authCode")
+  }
+
+  @Test
+  fun `test authenticate when PAR request throws exception should continue without metadata`() =
+    runTest {
+      whenever(ssoLink.execute(any())).thenReturn("authCode")
+      // Mock PAR request to throw network exception
+      whenever(authService.loginParRequest(any(), any(), any(), any()))
+        .thenThrow(RuntimeException("Network error"))
+      val prefillInfo = PrefillInfo("email", "firstName", "lastName", "phoneNumber")
+      val authContext =
+        AuthContext(
+          AuthDestination.CrossAppSso(listOf(CrossApp.Rider)),
+          AuthType.AuthCode,
+          prefillInfo,
+        )
+      val authProvider = AuthProvider(activity, authContext, authService, codeVerifierGenerator)
+      val argumentCaptor = argumentCaptor<Map<String, String>>()
+      val result = authProvider.authenticate()
+      // Verify PAR request was attempted
+      verify(authService).loginParRequest(any(), any(), any(), any())
+      // Verify authentication continued without request_uri
+      verify(ssoLink).execute(argumentCaptor.capture())
+      assert(argumentCaptor.lastValue.containsKey(REQUEST_URI).not())
+      // Verify authentication succeeded
+      assert(result is AuthResult.Success)
+      assert((result as AuthResult.Success).uberToken.authCode == "authCode")
+    }
+
+  @Test
+  fun `test authenticate with PKCE when PAR fails should still include code challenge`() = runTest {
+    whenever(ssoLink.execute(any())).thenReturn("authCode")
+    whenever(codeVerifierGenerator.generateCodeVerifier()).thenReturn("verifier")
+    whenever(codeVerifierGenerator.generateCodeChallenge("verifier")).thenReturn("challenge")
+    whenever(authService.token(any(), any(), any(), any(), any()))
+      .thenReturn(Response.success(UberToken(accessToken = "accessToken")))
+    // Mock PAR request to fail
+    val errorResponse: Response<PARResponse> = Response.error(500, mock())
+    whenever(authService.loginParRequest(any(), any(), any(), any())).thenReturn(errorResponse)
+    val prefillInfo = PrefillInfo("email", "firstName", "lastName", "phoneNumber")
+    val authContext =
+      AuthContext(AuthDestination.CrossAppSso(listOf(CrossApp.Rider)), AuthType.PKCE(), prefillInfo)
+    val authProvider = AuthProvider(activity, authContext, authService, codeVerifierGenerator)
+    val argumentCaptor = argumentCaptor<Map<String, String>>()
+    val result = authProvider.authenticate()
+    // Verify PAR request was attempted
+    verify(authService).loginParRequest(any(), any(), any(), any())
+    // Verify authentication continued with code challenge but without request_uri
+    verify(ssoLink).execute(argumentCaptor.capture())
+    assert(argumentCaptor.lastValue.containsKey(REQUEST_URI).not())
+    assert(argumentCaptor.lastValue[CODE_CHALLENGE_PARAM] == "challenge")
+    assert(argumentCaptor.lastValue[CODE_CHALLENGE_METHOD] == CODE_CHALLENGE_METHOD_VAL)
+    // Verify authentication succeeded
+    assert(result is AuthResult.Success)
+    assert((result as AuthResult.Success).uberToken.accessToken == "accessToken")
+  }
 }
