Skip to content

Throw AuthException for revoked or invalid refresh token (#232)#384

Merged
AndreyVMarkelov merged 1 commit into
mainfrom
fix/232-revoked-refresh-token
Jul 8, 2026
Merged

Throw AuthException for revoked or invalid refresh token (#232)#384
AndreyVMarkelov merged 1 commit into
mainfrom
fix/232-revoked-refresh-token

Conversation

@AndreyVMarkelov

Copy link
Copy Markdown
Contributor

Fixes #232.

RefreshAccessToken only mapped invalid_grant to an AuthException on a 401 with an exact-string body. A revoked or invalid refresh token actually returns 400 with a JSON invalid_grant body, so it surfaced as a generic HttpRequestException with no useful detail.

  • Detect invalid_grant by parsing the OAuth error JSON on any non-success status (400 or 401).
  • Throw AuthException carrying the error_description and the real HTTP status code.
  • Add AuthException/StructuredException constructors that accept a message and status code.
  • Add a live test asserting the exception type, a non-JSON message, and StatusCode 400.

Verified against the live token endpoint (reproduced the generic exception before the fix).

RefreshAccessToken only mapped invalid_grant to AuthException on a 401
with an exact-string body, but a revoked refresh token returns 400 with
a JSON invalid_grant body, so it surfaced as a generic HttpRequestException.
Detect invalid_grant on any non-success status and throw AuthException.
Add a live test and an AuthException/StructuredException message constructor.
@codecov

codecov Bot commented Jul 8, 2026

Copy link
Copy Markdown

Codecov Report

❌ Patch coverage is 80.00000% with 5 lines in your changes missing coverage. Please review.
✅ Project coverage is 59.38%. Comparing base (2ab8af7) to head (0336631).

Files with missing lines Patch % Lines
...ox-sdk-dotnet/Dropbox.Api/DropboxRequestHandler.cs 68.75% 3 Missing and 2 partials ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##             main     #384      +/-   ##
==========================================
+ Coverage   58.54%   59.38%   +0.84%     
==========================================
  Files          16       16              
  Lines        1411     1433      +22     
  Branches      135      136       +1     
==========================================
+ Hits          826      851      +25     
+ Misses        524      520       -4     
- Partials       61       62       +1     
Flag Coverage Δ
integration 55.96% <80.00%> (+0.89%) ⬆️
unit 10.32% <0.00%> (-0.17%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@AndreyVMarkelov AndreyVMarkelov merged commit 0e0c773 into main Jul 8, 2026
18 of 22 checks passed
@AndreyVMarkelov AndreyVMarkelov deleted the fix/232-revoked-refresh-token branch July 8, 2026 22:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Should a revoked refresh token result in an AuthException?

2 participants