
feat: Improve OAuth Token Handling and Logging #474


Merged
merged 1 commit into from
Mar 18, 2025

Conversation

armando-rodriguez-cko
Contributor

feat: Improve OAuth Token Handling and Logging

Description:

This PR enhances OAuth authentication by improving token validation, adding logging, refactoring OAuth models, and ensuring better error handling.


Key Changes:

OAuth Enhancements:

  1. Improved Logging (@Slf4j) in OAuthAccessToken:

    • Logs when the token is about to expire.
    • Logs when the token has expired.
  2. Refactored OAuthAccessToken:

    • Added tokenType field.
    • Now validates tokenType and expirationDate.
  3. Better Error Handling in OAuthSdkCredentials:

    • Logs when a cached token is used.
    • Throws exceptions for invalid OAuth responses.
    • More detailed error messages for failed authentication.
  4. Refactored OAuthServiceResponse:

    • Added tokenType field.
    • Improved response validation.

Testing Improvements:

  1. Unit Tests for OAuth Handling (OAuthSdkCredentialsTest):

    • Ensures token retrieval works correctly.
    • Validates token expiration and response parsing.
    • Tests error handling when OAuth response is invalid.
  2. Mocked HTTP Responses for OAuth API Calls:

    • Uses Mockito to simulate different OAuth responses.
    • Tests invalid responses (null access_token, error: invalid_client, etc.).

Impact:

  • More Reliable Authentication: Improved validation and logging.
  • Better Debugging: Logs now indicate when tokens expire or are about to expire.
  • Stronger Error Handling: More robust exception handling for OAuth failures.

Notes:

  • Ensure that API documentation reflects changes in OAuthAccessToken and OAuthServiceResponse.
  • The new logging behavior helps track authentication issues in production.
  • Previous Tests disabled

Changes:
- **OAuthAccessToken**: Added `tokenType` field and enhanced expiration logging.
- **OAuthSdkCredentials**: Improved token retrieval logic with better logging and validation.
- **OAuthServiceResponse**: Added `tokenType` field for consistency.
- **PaymentPurposeType**: Moved from `payments.hosted` to `payments` package.
- **HostedPaymentRequest**: Default `paymentType` set to `REGULAR`.
- **Tests**:
  - Added checks for invalid OAuth responses.
  - Improved token expiration handling validation.
  - Enhanced HTTP request verification in OAuth tests.
  - Disabled Previous tests
@armando-rodriguez-cko armando-rodriguez-cko requested a review from a team March 18, 2025 12:30
@armando-rodriguez-cko armando-rodriguez-cko merged commit b22d695 into master Mar 18, 2025
4 checks passed
@armando-rodriguez-cko armando-rodriguez-cko deleted the feature/update-access branch March 18, 2025 14:48
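
The validation the description lists (rejecting responses with a null `access_token` or an `error` such as `invalid_client`, checking `tokenType` and `expirationDate`, and logging expiry) can look like the following added example, which is not code from this PR or the SDK. The class and record names, the 60-second warning threshold and the `Bearer` token type are assumptions; the log lines deliberately never contain the token value.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.logging.Logger;

// Hypothetical names: this is not the SDK's OAuthAccessToken or OAuthServiceResponse.
public class TokenValidationExample {
    private static final Logger LOG = Logger.getLogger("oauth");
    private static final Duration EXPIRY_WARNING = Duration.ofSeconds(60); // assumed threshold

    // Fields of a token endpoint response: access_token, token_type, expires_in, error.
    record TokenResponse(String accessToken, String tokenType, Long expiresIn, String error) {}

    record AccessToken(String value, String tokenType, Instant expirationDate) {
        boolean isValid(Instant now) {
            if (!now.isBefore(expirationDate)) {
                LOG.warning("OAuth token has expired"); // the token value is never logged
                return false;
            }
            if (Duration.between(now, expirationDate).compareTo(EXPIRY_WARNING) <= 0) {
                LOG.info("OAuth token is about to expire");
            }
            return true;
        }
    }

    // Reject any response that cannot yield a usable token instead of caching it.
    static AccessToken fromResponse(TokenResponse r, Instant now) {
        if (r == null) throw new IllegalStateException("empty OAuth response");
        if (r.error() != null) throw new IllegalStateException("OAuth error: " + r.error());
        if (r.accessToken() == null || r.accessToken().isBlank())
            throw new IllegalStateException("OAuth response has no access_token");
        if (!"Bearer".equalsIgnoreCase(r.tokenType())) // assumed expected type
            throw new IllegalStateException("unexpected token_type: " + r.tokenType());
        if (r.expiresIn() == null || r.expiresIn() <= 0)
            throw new IllegalStateException("invalid expires_in");
        return new AccessToken(r.accessToken(), r.tokenType(), now.plusSeconds(r.expiresIn()));
    }

    public static void main(String[] args) {
        Instant now = Instant.now();
        // Constructed sample responses, not captured from a real token endpoint.
        AccessToken t = fromResponse(new TokenResponse("sample-token", "Bearer", 3600L, null), now);
        System.out.println(t.isValid(now));                   // fresh token
        System.out.println(t.isValid(now.plusSeconds(3570))); // inside the warning window
        System.out.println(t.isValid(now.plusSeconds(3600))); // at the expiry instant
        try {
            fromResponse(new TokenResponse(null, null, null, "invalid_client"), now);
        } catch (IllegalStateException e) {
            System.out.println(e.getMessage());
        }
    }
}
```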