diff --git a/internal/oidc/token_exchange.go b/internal/oidc/token_exchange.go
index 5ed83b5eb..9cbf566d4 100644
--- a/internal/oidc/token_exchange.go
+++ b/internal/oidc/token_exchange.go
@@ -13,7 +13,6 @@ import (
 "github.com/ory/fosite/compose"
 "github.com/ory/fosite/handler/oauth2"
 "github.com/ory/fosite/handler/openid"
- "github.com/ory/x/errorsx"
 "github.com/pkg/errors"

 "go.pinniped.dev/internal/oidc/clientregistry"
@@ -75,13 +74,13 @@ func (t *TokenExchangeHandler) PopulateTokenEndpointResponse(ctx context.Context
 // Check that the currently authenticated client and the client which was originally used to get the access token are the same.
 if originalRequester.GetClient().GetID() != requester.GetClient().GetID() {
 // This error message is copied from the similar check in fosite's flow_authorize_code_token.go.
- return errorsx.WithStack(fosite.ErrInvalidGrant.WithHint("The OAuth 2.0 Client ID from this request does not match the one from the authorize request."))
+ return errors.WithStack(fosite.ErrInvalidGrant.WithHint("The OAuth 2.0 Client ID from this request does not match the one from the authorize request."))
 }

 // Check that the client is allowed to perform this grant type.
 if !requester.GetClient().GetGrantTypes().Has(tokenExchangeGrantType) {
 // This error message is trying to be similar to the analogous one in fosite's flow_authorize_code_token.go.
- return errorsx.WithStack(fosite.ErrUnauthorizedClient.WithHintf("The OAuth 2.0 Client is not allowed to use token exchange grant \"%s\".", tokenExchangeGrantType))
+ return errors.WithStack(fosite.ErrUnauthorizedClient.WithHintf(`The OAuth 2.0 Client is not allowed to use token exchange grant "%s".`, tokenExchangeGrantType))
 }

 // Require that the incoming access token has the pinniped:request-audience and OpenID scopes.
diff --git a/test/integration/supervisor_login_test.go b/test/integration/supervisor_login_test.go
index 981d33435..b465a17d8 100644
--- a/test/integration/supervisor_login_test.go
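Review bot: Nothing in this commit pins that the two denial paths in `PopulateTokenEndpointResponse` (internal/oidc/token_exchange.go) still reach the client as `invalid_grant` and `unauthorized_client` now that they are wrapped with `errors.WithStack` from github.com/pkg/errors rather than `errorsx.WithStack`. That depends on the code that writes the token endpoint error unwrapping the pkg/errors wrapper to the underlying fosite error, which is not visible in this hunk. If it did not, a client ID mismatch or a disallowed grant type would presumably surface as a generic server error instead of a precise OAuth 2.0 rejection. A unit test that passes each returned error through `fosite.ErrorToRFC6749Error(err)` and asserts the resulting error name would cover both branches. The function body starts and ends outside the hunk, so the later scope checks are not reviewed here.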
+++ b/test/integration/supervisor_login_test.go
@@ -1748,9 +1748,8 @@ func testSupervisorLogin(
 require.EqualError(t, err, wantAuthcodeExchangeError)
 // The authcode exchange has failed, so can't continue the login flow, making this the end of the test case.
 return
- } else {
- require.NoError(t, err)
 }
+ require.NoError(t, err)
 expectedIDTokenClaims := []string{"iss", "exp", "sub", "aud", "auth_time", "iat", "jti", "nonce", "rat", "username"}
 if slices.Contains(downstreamScopes, "groups") {
 expectedIDTokenClaims = append(expectedIDTokenClaims, "groups")