feat: distinguish between missing and invalid state (#1099)

auth0 · May 22, 2023 · 3c588e9 · 3c588e9
1 parent ccc53a5
commit 3c588e9
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 4 deletions.
diff --git a/__tests__/Auth0Client/handleRedirectCallback.test.ts b/__tests__/Auth0Client/handleRedirectCallback.test.ts
@@ -30,6 +30,7 @@ import {
 } from '../constants';
 
 import { DEFAULT_AUTH0_CLIENT } from '../../src/constants';
+import { GenericError } from '../../src';
 
 jest.mock('es-cookie');
 jest.mock('../../src/jwt');
@@ -204,6 +205,9 @@ describe('Auth0Client', () => {
 
       expect(error).toBeDefined();
       expect(error.message).toBe('Invalid state');
+      expect(error.error).toBe('missing_transaction');
+      expect(error).toBeInstanceOf(Error);
+      expect(error).toBeInstanceOf(GenericError);
     });
 
     it('returns the transactions appState', async () => {
@@ -269,8 +273,9 @@ describe('Auth0Client', () => {
 
     it('should fail with an error if the state in the transaction does not match the request', async () => {
       const auth0 = setup();
+      let error;
 
-      await expect(async () => {
+      try {
         await loginWithRedirect(
           auth0,
           {},
@@ -281,7 +286,15 @@ describe('Auth0Client', () => {
             }
           }
         );
-      }).rejects.toEqual(new Error('Invalid state'));
+      } catch (e) {
+        error = e;
+      }
+
+      expect(error).toBeDefined();
+      expect(error.message).toBe('Invalid state');
+      expect(error.error).toBe('state_mismatch');
+      expect(error).toBeInstanceOf(Error);
+      expect(error).toBeInstanceOf(GenericError);
     });
 
     it('should not validate the state if there is no state in the transaction', async () => {

diff --git a/src/Auth0Client.ts b/src/Auth0Client.ts
@@ -493,7 +493,7 @@ export class Auth0Client {
     const transaction = this.transactionManager.get();
 
     if (!transaction) {
-      throw new Error('Invalid state');
+      throw new GenericError('missing_transaction', 'Invalid state');
     }
 
     this.transactionManager.remove();
@@ -512,7 +512,7 @@ export class Auth0Client {
       !transaction.code_verifier ||
       (transaction.state && transaction.state !== state)
     ) {
-      throw new Error('Invalid state');
+      throw new GenericError('state_mismatch', 'Invalid state');
     }
 
     const organizationId = transaction.organizationId;