Skip to content

Api changes for mobile improvements #453

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
Daggerpov merged 2 commits into from
Jan 22, 2026
Merged

Api changes for mobile improvements #453

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
a599937
error for google id token
Daggerpov Jan 22, 2026
053734d
more robust error logging for auth, jwts, etc.
Daggerpov Jan 22, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion src/main/java/com/danielagapov/spawn/auth/api/AuthController.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -240,7 +240,7 @@ public ResponseEntity<?> registerViaOAuth(@Valid @RequestBody OAuthRegistrationD
logger.info("OAuth registration succeeded via graceful handling");
return ResponseEntity.ok().headers(headers).body(gracefulUser);
} else {
logger.warn("Graceful handling returned null - attempting final fallback check");
logger.warn("Graceful handling returned null - attempting final fallback check. Email: " + registration.getEmail() + ", provider: " + registration.getProvider());

// Final fallback: try to sign in the user if they already exist
try {
Expand Down
2 changes: 1 addition & 1 deletion src/main/java/com/danielagapov/spawn/auth/internal/services/AppleOAuthStrategy.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -65,7 +65,7 @@ public String verifyIdToken(String idToken) {

// Check token expiration before verification
if (decodedJWT.getExpiresAt() != null && decodedJWT.getExpiresAt().before(new java.util.Date())) {
logger.error("Apple ID token has expired");
logger.error("Apple ID token has expired. Expiration: " + decodedJWT.getExpiresAt() + ", Current time: " + new java.util.Date());
throw new TokenExpiredException("Apple ID token has expired, please sign in again");
}

Expand Down
4 changes: 2 additions & 2 deletions src/main/java/com/danielagapov/spawn/auth/internal/services/AuthService.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -132,7 +132,7 @@ public boolean verifyEmail(String token) {
logger.info("Email verified successfully for user: " + LoggingUtils.formatUserInfo(user));
return true;
}
logger.warn("Invalid email verification token received");
logger.warn("Invalid email verification token received. Token prefix: " + (token != null ? token.substring(0, Math.min(20, token.length())) + "..." : "null"));
return false;
} catch (Exception e) {
logger.error("Error during email verification: " + e.getMessage());
Expand Down Expand Up @@ -432,7 +432,7 @@ public AuthResponseDTO handleOAuthRegistrationGracefully(OAuthRegistrationDTO re
}
} catch (InterruptedException ie) {
Thread.currentThread().interrupt();
logger.warn("Interrupted while waiting to check for concurrent user creation");
logger.warn("Interrupted while waiting to check for concurrent user creation: " + ie.getMessage());
} catch (Exception recheckEx) {
logger.warn("Error during concurrent user re-check: " + recheckEx.getMessage());
}
Expand Down
18 changes: 12 additions & 6 deletions src/main/java/com/danielagapov/spawn/auth/internal/services/GoogleOAuthStrategy.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -54,10 +54,16 @@ public String verifyIdToken(String idToken) {
// Use retry helper for token verification
return RetryHelper.executeOAuthWithRetry(() -> {
try {
GoogleIdToken googleIdToken = null;
// Verify the token
GoogleIdToken googleIdToken = verifier.verify(idToken);
try {
googleIdToken = verifier.verify(idToken);
} catch (Error e) {
logger.error(e.getMessage());
}

if (googleIdToken == null) {
logger.error("Token verification failed - invalid token");
logger.error("Token verification failed - invalid token. Token prefix: " + (idToken != null ? idToken.substring(0, Math.min(20, idToken.length())) + "..." : "null"));
throw new SecurityException("Invalid Google ID token - token may be expired or malformed");
}

Expand All @@ -70,15 +76,15 @@ public String verifyIdToken(String idToken) {
// Check token expiration
Long expiration = payload.getExpirationTimeSeconds();
if (expiration != null && expiration < System.currentTimeMillis() / 1000) {
logger.error("Token has expired");
logger.error("Token has expired. Expiration: " + expiration + ", Current time: " + (System.currentTimeMillis() / 1000));
throw new TokenExpiredException("Google ID token has expired, please sign in again");
}

// Verify additional claims if needed
// For example, verify email is verified
Boolean emailVerified = payload.getEmailVerified();
if (emailVerified == null || !emailVerified) {
logger.error("Email not verified");
logger.error("Email not verified for user ID: " + userId + ", emailVerified value: " + emailVerified);
throw new SecurityException("Google account email is not verified");
}

Expand Down Expand Up @@ -127,10 +133,10 @@ public void initializeGoogleVerifier() {
.build();
logger.info("Google token verifier successfully initialized");
} else {
logger.error("Google client ID not set, token verification will fail. Set GOOGLE_CLIENT_ID in your environment.");
logger.error("Google client ID not set, token verification will fail. Set GOOGLE_CLIENT_ID in your environment. clientId value: " + (clientId == null ? "null" : "empty string"));
// Create a dummy verifier that will reject all tokens
this.verifier = new GoogleIdTokenVerifier.Builder(new NetHttpTransport(), new GsonFactory()).build();
logger.warn("Created dummy verifier that will reject all tokens");
logger.warn("Created dummy verifier that will reject all tokens - Google OAuth will not work");
}
}
}
10 changes: 5 additions & 5 deletions src/main/java/com/danielagapov/spawn/auth/internal/services/JWTService.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -120,12 +120,12 @@ public String refreshAccessToken(HttpServletRequest request) {
try {
subject = extractUsername(token); // This actually extracts the subject, which could be username or email
} catch (Exception e) {
logger.error("Failed to extract subject. Invalid or expired token");
logger.error("Failed to extract subject. Invalid or expired token: " + e.getMessage());
throw e;
}

if (subject == null) {
logger.warn("Token subject is null");
logger.warn("Token subject is null. Token prefix: " + (token != null ? token.substring(0, Math.min(20, token.length())) + "..." : "null"));
throw new BadTokenException();
}

Expand All @@ -146,7 +146,7 @@ public String refreshAccessToken(HttpServletRequest request) {
// Use username if available, otherwise use email
usernameForNewToken = user.getOptionalUsername().orElse(user.getEmail());
} catch (Exception e) {
logger.error("Failed to get user by email: " + subject);
logger.error("Failed to get user by email: " + subject + ": " + e.getMessage());
throw new BadTokenException();
}
}
Expand All @@ -161,7 +161,7 @@ public String refreshAccessToken(HttpServletRequest request) {
String newAccessToken = generateAccessToken(usernameForNewToken);
return newAccessToken;
} else {
logger.warn("Expired token found");
logger.warn("Expired or invalid token type found for subject: " + subject);
throw new BadTokenException();
}
}
Expand Down Expand Up @@ -269,7 +269,7 @@ private boolean isTokenNonExpired(String token) {
try {
return !extractClaim(token, Claims::getExpiration).before(new Date());
} catch (ExpiredJwtException e) {
logger.warn("Token has expired");
logger.warn("Token has expired: " + e.getMessage());
return false;
} catch (Exception e) {
logger.warn("Error checking token expiration: " + e.getMessage());
Expand Down
14 changes: 7 additions & 7 deletions src/main/java/com/danielagapov/spawn/auth/internal/services/OAuthService.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -101,7 +101,7 @@ public BaseUserDTO makeUser(UserDTO user, String externalUserId, byte[] profileP
return UserMapper.toDTO(existingUser);
}
} catch (BaseNotFoundException e) {
logger.warn("User email exists but no mapping found - this may be due to data inconsistency. Attempting graceful repair in makeUser.");
logger.warn("User email exists but no mapping found - this may be due to data inconsistency. Attempting graceful repair in makeUser: " + e.getMessage());

// Attempt to repair the data inconsistency gracefully
try {
Expand Down Expand Up @@ -216,7 +216,7 @@ public Optional<AuthResponseDTO> getUserIfExistsbyExternalId(String externalUser
throw new IncorrectProviderException("The email: " + email + " is already associated to a " + providerName + " account. Please login through " + providerName + " instead");
}
} catch (BaseNotFoundException e) {
logger.warn("User email exists but no mapping found - checking for data inconsistency and attempting cleanup.");
logger.warn("User email exists but no mapping found - checking for data inconsistency and attempting cleanup: " + e.getMessage());

// Get the user by email to check their status
try {
Expand All @@ -231,7 +231,7 @@ public Optional<AuthResponseDTO> getUserIfExistsbyExternalId(String externalUser
logger.info("Orphaned user deleted. Treating as no user found to allow fresh registration.");
return Optional.empty();
} else {
logger.warn("Active user exists without OAuth mapping - possible data corruption. Manual intervention may be required.");
logger.warn("Active user exists without OAuth mapping - possible data corruption. Manual intervention may be required. Email: " + email + ", User ID: " + orphanedUser.getId());
return Optional.empty();
}
} catch (Exception cleanupEx) {
Expand Down Expand Up @@ -265,7 +265,7 @@ public BaseUserDTO createUserFromOAuth(UserCreationDTO userCreationDTO, String i
logger.info("Making new user: " + newUser.getUsername());
return makeUser(newUser, userId, userCreationDTO.getProfilePictureData(), provider);
} else {
logger.error("Missing required authentication parameters");
logger.error("Missing required authentication parameters. idToken is null: " + (idToken == null) + ", provider: " + provider);
throw new IllegalArgumentException("Either a valid ID token or external user ID with provider must be provided");
}
} catch (SecurityException e) {
Expand Down Expand Up @@ -397,7 +397,7 @@ private String checkOAuthRegistrationWithLock(String email, String externalUserI
throw new IncorrectProviderException("Email already exists for a " + providerName + " account. Please login through " + providerName + " instead");
}
} catch (BaseNotFoundException e) {
logger.warn("User email exists but no mapping found - this may be due to data inconsistency. Attempting graceful repair in registration flow.");
logger.warn("User email exists but no mapping found - this may be due to data inconsistency. Attempting graceful repair in registration flow: " + e.getMessage());

// Attempt to repair the data inconsistency gracefully
try {
Expand Down Expand Up @@ -476,7 +476,7 @@ private void createAndSaveMappingWithLock(User user, String externalUserId, OAut
logger.info("Mapping already exists for the same user, no action needed");
return;
} else {
logger.warn("Mapping exists for different user. This indicates a race condition or data inconsistency.");
logger.warn("Mapping exists for different user. This indicates a race condition or data inconsistency. External ID: " + externalUserId + ", existing user: " + existing.getUser().getId() + ", new user: " + user.getId());

// Check if the existing mapping points to a deleted/non-existent user
try {
Expand All @@ -488,7 +488,7 @@ private void createAndSaveMappingWithLock(User user, String externalUserId, OAut
externalIdMapRepository.delete(existing);
externalIdMapRepository.flush(); // Ensure deletion is committed before proceeding
} else {
logger.error("Mapping exists for a different valid user. Cannot proceed with mapping creation.");
logger.error("Mapping exists for a different valid user. Cannot proceed with mapping creation. External ID: " + externalUserId + ", existing user: " + existingMappedUser.getId() + ", new user: " + user.getId());
throw new RuntimeException("OAuth mapping conflict: External ID already mapped to a different active user");
}
} catch (Exception checkEx) {
Expand Down
6 changes: 3 additions & 3 deletions src/main/java/com/danielagapov/spawn/shared/config/JWTFilterConfig.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -75,7 +75,7 @@ protected void doFilterInternal(HttpServletRequest request, @NonNull HttpServlet
*/
SecurityContextHolder.getContext().setAuthentication(token);
} else {
logger.warn("Invalid token, user is not authenticated");
logger.warn("Invalid token, user is not authenticated. Username: " + username);
}
} catch (UsernameNotFoundException e) {
// Try loading by email if username lookup failed (for OAuth users with email-based tokens)
Expand All @@ -86,10 +86,10 @@ protected void doFilterInternal(HttpServletRequest request, @NonNull HttpServlet
token.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
SecurityContextHolder.getContext().setAuthentication(token);
} else {
logger.warn("Invalid token, user is not authenticated");
logger.warn("Invalid token, user is not authenticated. Email/username: " + username);
}
} catch (Exception emailException) {
logger.warn("User not found by username or email: " + username);
logger.warn("User not found by username or email: " + username + ": " + emailException.getMessage());
}
} catch (Exception e) {
logger.error("Error during authentication: " + e.getMessage());
Expand Down