oidc, console2: improve error handling

Author: ibodrov

console2/src/components/pages/UnauthorizedPage/index.tsx

@@ -23,17 +23,11 @@ import * as React from 'react';
 import { RedirectButton } from '../../organisms';
 
 import './styles.css';
-import { Card, CardContent, CardHeader, Divider, Image } from 'semantic-ui-react';
-import { useContext, useEffect } from 'react';
-import { UserSessionContext } from '../../../session';
-
-export default () => {
-    const session = useContext(UserSessionContext);
-
-    useEffect(() => {
-        session.setUserInfo(undefined);
-    }, [session]);
+import {Card, CardContent, CardDescription, CardHeader, Divider, Image} from 'semantic-ui-react';
+import {withRouter} from "react-router";
 
+export default withRouter((props) => {
+    const error = new URLSearchParams(props.location.search).get('error');
     return (
         <div className="flexbox-container">
             <Card centered={true}>
@@ -42,6 +36,8 @@ export default () => {
 
                     <CardHeader>You are not authorized.</CardHeader>
 
+                    {error && <CardDescription>Error: {error}</CardDescription>}
+
                     <Divider />
 
                     <RedirectButton primary={true} fluid={true} location={'/'}>
@@ -51,4 +47,4 @@ export default () => {
             </Card>
         </div>
     );
-};
+});

server/dist/src/main/resources/concord-server.conf

@@ -589,6 +589,7 @@ concord-server {
         urlBase = "http://concord.example.com"
         afterLoginUrl = "http://concord.example.com"
         afterLogoutUrl = "http://concord.example.com/#/logout/done"
+        onErrorUrl = "http://concord.example.com/#/unauthorized"
 
         scopes = [ "openid", "profile", "email", "groups"]
 

server/plugins/oidc/src/main/java/com/walmartlabs/concord/server/plugins/oidc/OidcCallbackFilter.java

@@ -72,6 +72,16 @@ public void doFilter(ServletRequest request, ServletResponse response, FilterCha
             postLoginUrl = cfg.getAfterLoginUrl();
         }
 
+        String error = req.getParameter("error");
+        if (error != null) {
+            String derivedError = "unknown";
+            if ("access_denied".equals(error)) {
+                derivedError = "oidc_access_denied";
+            }
+            resp.sendRedirect(resp.encodeRedirectURL(cfg.getOnErrorUrl() + "?from=" + postLoginUrl + "&error=" + derivedError));
+            return;
+        }
+
         try {
             CallbackLogic<?, JEEContext> callback = pac4jConfig.getCallbackLogic();
             callback.perform(context, pac4jConfig, pac4jConfig.getHttpActionAdapter(), postLoginUrl, true, false, true, OidcPluginModule.CLIENT_NAME);

server/plugins/oidc/src/main/java/com/walmartlabs/concord/server/plugins/oidc/PluginConfiguration.java

@@ -58,6 +58,10 @@ public class PluginConfiguration {
     @Config("oidc.afterLogoutUrl")
     private String afterLogoutUrl;
 
+    @Inject
+    @Config("oidc.onErrorUrl")
+    private String onErrorUrl;
+
     @Inject
     @Nullable
     @Config("oidc.scopes")
@@ -102,6 +106,10 @@ public String getAfterLogoutUrl() {
         return afterLogoutUrl;
     }
 
+    public String getOnErrorUrl() {
+        return onErrorUrl;
+    }
+
     public List<String> getScopes() {
         return scopes;
     }