Harden JWTProvider device-flow token poll against non-JSON responses#1697
Open
BorisTyshkevich wants to merge 2 commits intoantalya-26.1from
Open
Harden JWTProvider device-flow token poll against non-JSON responses#1697BorisTyshkevich wants to merge 2 commits intoantalya-26.1from
BorisTyshkevich wants to merge 2 commits intoantalya-26.1from
Conversation
JWTProvider::deviceCodeLogin parsed each token-endpoint response with Poco::JSON::Parser().parse(...).extract<Object::Ptr>() unconditionally. When the IdP (or a CDN in front of it) returned a non-JSON body — an HTML error page, an empty body on transient TCP/TLS failure, a non- object JSON value — the extract() call threw std::bad_cast and aborted the whole device flow with no useful diagnostic, even though the problem was transient. Wrap parse + extract in try/catch and treat any parse failure as "transient — keep polling". The device flow is by design tolerant of intermittent token-endpoint errors (RFC 8628 §3.5 lists slow_down / authorization_pending as expected during the polling window), and the outer expires_in clamp bounds total retry time, so a missed poll has no worse impact than a slow_down. Emit a warning naming the status code and a body excerpt so operators can debug systemic IdP issues without losing the login. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> Signed-off-by: Boris Tyshkevich <btyshkevich@altinity.com>
7 tasks
Signed-off-by: Boris Tyshkevich <btyshkevich@altinity.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
JWTProvider::deviceCodeLoginparsed each token-endpoint response withPoco::JSON::Parser().parse(...).extract<Object::Ptr>()unconditionally. When the IdP (or a CDN in front of it) returned a non-JSON body — an HTML error page, an empty body on transient TCP/TLS failure, a non-object JSON value — theextract()call threwstd::bad_castand aborted the whole device flow with no useful diagnostic, even though the underlying problem was transient.Wrap parse + extract in
try/catchand treat any parse failure as "transient — keep polling". The device flow is by design tolerant of intermittent token-endpoint errors (RFC 8628 §3.5 listsslow_down/authorization_pendingas expected during the polling window), and the outerexpires_inclamp bounds total retry time, so a missed poll has no worse impact than aslow_down. Emit a warning naming the status code and a body excerpt so operators can debug systemic IdP issues without losing the login.Test plan
antalya-26.1🤖 Generated with Claude Code