+UnauthorizedAccessException, InvalidAccessTokenException

src/Core/InvalidAccessTokenException.php

@@ -0,0 +1,18 @@
+<?php
+/**
+ * Class InvalidAccessTokenException
+ *
+ * @created      18.03.2024
+ * @author       smiley <[email protected]>
+ * @copyright    2024 smiley
+ * @license      MIT
+ */
+
+namespace chillerlan\OAuth\Core;
+
+/**
+ *
+ */
+class InvalidAccessTokenException extends UnauthorizedAccessException{
+
+}

src/Core/OAuthProvider.php

@@ -237,6 +237,7 @@ protected function cleanBodyParams(iterable $params):array{
 
 	/**
 	 * @inheritDoc
+	 * @throws \chillerlan\OAuth\Core\UnauthorizedAccessException
 	 */
 	public function request(
 		string                            $path,
@@ -264,7 +265,14 @@ public function request(
 			$request = $request->withProtocolVersion($protocolVersion);
 		}
 
-		return $this->sendRequest($request);
+		$response = $this->sendRequest($request);
+
+		// we're throwing here immideately on unauthorized/forbidden
+		if(in_array($response->getStatusCode(), [401, 403], true)){
+			throw new UnauthorizedAccessException;
+		}
+
+		return $response;
 	}
 
 	/**
@@ -360,6 +368,7 @@ protected function getRequestTarget(string $uri):string{
 
 	/**
 	 * @inheritDoc
+	 * @throws \chillerlan\OAuth\Core\InvalidAccessTokenException
 	 */
 	public function sendRequest(RequestInterface $request):ResponseInterface{
 
@@ -368,12 +377,15 @@ public function sendRequest(RequestInterface $request):ResponseInterface{
 			$token = $this->storage->getAccessToken($this->serviceName);
 
 			// attempt to refresh an expired token
-			if(
-				$this instanceof TokenRefresh
-				&& $this->options->tokenAutoRefresh
-				&& ($token->isExpired() || $token->expires === $token::EOL_UNKNOWN)
-			){
-				$token = $this->refreshAccessToken($token);
+			if($token->isExpired() || $token->expires === $token::EOL_UNKNOWN){
+
+				if($this instanceof TokenRefresh && $this->options->tokenAutoRefresh){
+					$token = $this->refreshAccessToken($token);
+				}
+				else{
+					throw new InvalidAccessTokenException;
+				}
+
 			}
 
 			$request = $this->getRequestAuthorization($request, $token);

src/Core/UnauthorizedAccessException.php

@@ -0,0 +1,20 @@
+<?php
+/**
+ * Class UnauthorizedAccessException
+ *
+ * @created      18.03.2024
+ * @author       smiley <[email protected]>
+ * @copyright    2024 smiley
+ * @license      MIT
+ */
+
+namespace chillerlan\OAuth\Core;
+
+use chillerlan\OAuth\OAuthException;
+
+/**
+ *
+ */
+class UnauthorizedAccessException extends OAuthException{
+
+}

src/Providers/Amazon.php

@@ -11,7 +11,7 @@
 namespace chillerlan\OAuth\Providers;
 
 use chillerlan\HTTP\Utils\MessageUtil;
-use chillerlan\OAuth\Core\{CSRFToken, OAuth2Provider, TokenRefresh};
+use chillerlan\OAuth\Core\{CSRFToken, InvalidAccessTokenException, OAuth2Provider, TokenRefresh};
 use Psr\Http\Message\ResponseInterface;
 use function sprintf;
 
@@ -35,7 +35,7 @@ class Amazon extends OAuth2Provider implements CSRFToken, TokenRefresh{
 	protected string      $authURL        = 'https://www.amazon.com/ap/oa';
 	protected string      $accessTokenURL = 'https://www.amazon.com/ap/oatoken';
 	protected string      $apiURL         = 'https://api.amazon.com';
-	protected string|null $applicationURL = 'https://sellercentral.amazon.com/hz/home';
+	protected string|null $applicationURL = 'https://developer.amazon.com/loginwithamazon/console/site/lwa/overview.html';
 
 	/**
 	 * @inheritDoc
@@ -51,6 +51,11 @@ public function me():ResponseInterface{
 		$json = MessageUtil::decodeJSON($response);
 
 		if(isset($json->error, $json->error_description)){
+
+			if($json->error === 'invalid_token'){
+				throw new InvalidAccessTokenException($json->error_description);
+			}
+
 			throw new ProviderException($json->error_description);
 		}
 

src/Providers/BattleNet.php

@@ -11,7 +11,7 @@
 namespace chillerlan\OAuth\Providers;
 
 use chillerlan\HTTP\Utils\MessageUtil;
-use chillerlan\OAuth\Core\{ClientCredentials, CSRFToken, OAuth2Provider};
+use chillerlan\OAuth\Core\{ClientCredentials, CSRFToken, InvalidAccessTokenException, OAuth2Provider};
 use Psr\Http\Message\ResponseInterface;
 use function in_array;
 use function ltrim;
@@ -141,13 +141,19 @@ public function me():ResponseInterface{
 			return $response;
 		}
 
-		try{
+		$json = null;
+
+		// response may be html in some cases
+		if(str_contains($response->getHeaderLine('Content-Type'), 'application/json')){
 			$json = MessageUtil::decodeJSON($response);
 		}
-		catch(Throwable){
-		}
 
 		if(isset($json->error, $json->error_description)){
+
+			if($status === 401){
+				throw new InvalidAccessTokenException($json->error_description);
+			}
+
 			throw new ProviderException($json->error_description);
 		}
 

src/Providers/Deezer.php

@@ -11,7 +11,7 @@
 namespace chillerlan\OAuth\Providers;
 
 use chillerlan\HTTP\Utils\{MessageUtil, QueryUtil};
-use chillerlan\OAuth\Core\{AccessToken, CSRFToken, OAuth2Provider};
+use chillerlan\OAuth\Core\{AccessToken, CSRFToken, InvalidAccessTokenException, OAuth2Provider};
 use Psr\Http\Message\{ResponseInterface, UriInterface};
 use function array_merge, implode, sprintf;
 use const PHP_QUERY_RFC1738;
@@ -140,6 +140,11 @@ public function me():ResponseInterface{
 		}
 
 		if(isset($json->error)){
+
+			if($json->error->code === 300){
+				throw new InvalidAccessTokenException($json->error->message);
+			}
+
 			throw new ProviderException($json->error->message);
 		}
 

src/Providers/Flickr.php

@@ -11,7 +11,7 @@
 namespace chillerlan\OAuth\Providers;
 
 use chillerlan\HTTP\Utils\{MessageUtil, QueryUtil};
-use chillerlan\OAuth\Core\{OAuth1Provider};
+use chillerlan\OAuth\Core\{InvalidAccessTokenException, OAuth1Provider};
 use Psr\Http\Message\{ResponseInterface, StreamInterface};
 use function array_merge, sprintf;
 
@@ -63,6 +63,8 @@ public function request(
 	}
 
 	/**
+	 * hi flickr, can i have a 401 on invalid token???
+	 *
 	 * @inheritDoc
 	 */
 	public function me():ResponseInterface{
@@ -75,6 +77,11 @@ public function me():ResponseInterface{
 		}
 
 		if(isset($json->message)){
+
+			if($json->message === 'Invalid auth token'){
+				throw new InvalidAccessTokenException($json->message);
+			}
+
 			throw new ProviderException($json->message);
 		}
 

src/Providers/LastFM.php

@@ -11,7 +11,7 @@
 namespace chillerlan\OAuth\Providers;
 
 use chillerlan\HTTP\Utils\{MessageUtil, QueryUtil};
-use chillerlan\OAuth\Core\{AccessToken, OAuthProvider};
+use chillerlan\OAuth\Core\{AccessToken, OAuthProvider, UnauthorizedAccessException};
 use Psr\Http\Message\{RequestInterface, ResponseInterface, StreamInterface, UriInterface};
 use Throwable;
 use function array_merge, in_array, is_array, ksort, md5, sprintf, trigger_error;
@@ -172,6 +172,7 @@ public function request(
 		/** @phan-suppress-next-line PhanTypeMismatchArgumentNullable */
 		$request = $this->requestFactory->createRequest($method, QueryUtil::merge($this->apiURL, $params));
 
+		/** @noinspection PhpParamsInspection */
 		foreach(array_merge($this::HEADERS_API, ($headers ?? [])) as $header => $value){
 			$request = $request->withAddedHeader($header, $value);
 		}
@@ -182,7 +183,14 @@ public function request(
 			$request = $request->withBody($body);
 		}
 
-		return $this->http->sendRequest($request);
+		$response = $this->sendRequest($request);
+
+		// we're throwing here immideately on unauthorized/forbidden
+		if(in_array($response->getStatusCode(), [401, 403], true)){
+			throw new UnauthorizedAccessException;
+		}
+
+		return $response;
 	}
 
 	/**

src/Providers/Mixcloud.php

@@ -11,9 +11,10 @@
 namespace chillerlan\OAuth\Providers;
 
 use chillerlan\HTTP\Utils\MessageUtil;
-use chillerlan\OAuth\Core\{OAuth2Provider};
+use chillerlan\OAuth\Core\{InvalidAccessTokenException, OAuth2Provider};
 use Psr\Http\Message\ResponseInterface;
 use function sprintf;
+use function str_contains;
 
 /**
  * Mixcloud OAuth2
@@ -47,6 +48,11 @@ public function me():ResponseInterface{
 		$json = MessageUtil::decodeJSON($response);
 
 		if(isset($json->error, $json->error->message)){
+
+			if($status === 400 && str_contains($json->error->message, 'invalid access token')){
+				throw new InvalidAccessTokenException($json->error->message);
+			}
+
 			throw new ProviderException($json->error->message);
 		}
 

src/Providers/Slack.php

@@ -11,7 +11,7 @@
 namespace chillerlan\OAuth\Providers;
 
 use chillerlan\HTTP\Utils\MessageUtil;
-use chillerlan\OAuth\Core\{CSRFToken, OAuth2Provider};
+use chillerlan\OAuth\Core\{CSRFToken, InvalidAccessTokenException, OAuth2Provider};
 use Psr\Http\Message\ResponseInterface;
 use function sprintf;
 
@@ -107,6 +107,11 @@ public function me():ResponseInterface{
 		}
 
 		if(isset($json->error)){
+
+			if($json->error === 'invalid_auth'){
+				throw new InvalidAccessTokenException;
+			}
+
 			throw new ProviderException($json->error);
 		}
 

src/Providers/WordPress.php

@@ -11,7 +11,7 @@
 namespace chillerlan\OAuth\Providers;
 
 use chillerlan\HTTP\Utils\MessageUtil;
-use chillerlan\OAuth\Core\{CSRFToken, OAuth2Provider};
+use chillerlan\OAuth\Core\{CSRFToken, InvalidAccessTokenException, OAuth2Provider};
 use Psr\Http\Message\ResponseInterface;
 use function sprintf;
 
@@ -50,6 +50,11 @@ public function me():ResponseInterface{
 		$json = MessageUtil::decodeJSON($response);
 
 		if(isset($json->error, $json->message)){
+
+			if($status === 400 && $json->error === 'invalid_token'){
+				throw new InvalidAccessTokenException($json->message);
+			}
+
 			throw new ProviderException($json->message);
 		}