diff --git a/app/main/views/sign_in.py b/app/main/views/sign_in.py index 402e61a08..6de46b023 100644 --- a/app/main/views/sign_in.py +++ b/app/main/views/sign_in.py @@ -63,6 +63,10 @@ def _get_access_token(code, state): url = f"{base_url}{cli_assert}&{cli_assert_type}&{code_param}&grant_type=authorization_code" headers = {"Authorization": "Bearer %s" % token} response = requests.post(url, headers=headers) + if response.json().get("access_token") is None: + # Capture the response json here so it hopefully shows up in error reports + current_app.logger.error(f"Error when getting access token {response.json()}") + raise KeyError(f"'access_token' {response.json()}") access_token = response.json()["access_token"] return access_token @@ -84,13 +88,17 @@ def _do_login_dot_gov(): code = request.args.get("code") state = request.args.get("state") login_gov_error = request.args.get("error") - if code and state: - access_token = _get_access_token(code, state) - user_email, user_uuid = _get_user_email_and_uuid(access_token) - redirect_url = request.args.get("next") + + if login_gov_error: + current_app.logger.error(f"login.gov error: {login_gov_error}") + raise Exception(f"Could not login with login.gov {login_gov_error}") + elif code and state: # activate the user try: + access_token = _get_access_token(code, state) + user_email, user_uuid = _get_user_email_and_uuid(access_token) + redirect_url = request.args.get("next") user = user_api_client.get_user_by_uuid_or_email(user_uuid, user_email) activate_user(user["id"]) except BaseException as be: # noqa B036 @@ -99,9 +107,6 @@ def _do_login_dot_gov(): return redirect(url_for("main.show_accounts_or_dashboard", next=redirect_url)) - elif login_gov_error: - current_app.logger.error(f"login.gov error: {login_gov_error}") - raise Exception(f"Could not login with login.gov {login_gov_error}") # end login.gov