From 09bcb01032a21a4bfa0c478ea8ae66ec8ace957a Mon Sep 17 00:00:00 2001
From: Mark Gregson <mark.gregson@anu.edu.au>
Date: Thu, 6 Jun 2019 14:08:18 +1000
Subject: Check for authorization response errors

---
 oauthlib/oauth2/rfc6749/parameters.py   | 9 ++++++---
 tests/oauth2/rfc6749/test_parameters.py | 9 ++++++---
 2 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/oauthlib/oauth2/rfc6749/parameters.py b/oauthlib/oauth2/rfc6749/parameters.py
index 6b9d630..df724ee 100644
--- a/oauthlib/oauth2/rfc6749/parameters.py
+++ b/oauthlib/oauth2/rfc6749/parameters.py
@@ -264,12 +264,15 @@ def parse_authorization_code_response(uri, state=None):
     query = urlparse.urlparse(uri).query
     params = dict(urlparse.parse_qsl(query))
 
-    if not 'code' in params:
-        raise MissingCodeError("Missing code parameter in response.")
-
     if state and params.get('state', None) != state:
         raise MismatchingStateError()
 
+    if 'error' in params:
+        raise_from_error(params.get('error'), params)
+
+    if not 'code' in params:
+        raise MissingCodeError("Missing code parameter in response.")
+
     return params
 
 
diff --git a/tests/oauth2/rfc6749/test_parameters.py b/tests/oauth2/rfc6749/test_parameters.py
index c42f516..0d293cc 100644
--- a/tests/oauth2/rfc6749/test_parameters.py
+++ b/tests/oauth2/rfc6749/test_parameters.py
@@ -73,7 +73,8 @@ class ParameterTests(TestCase):
     error_nocode = 'https://client.example.com/cb?state=xyz'
     error_nostate = 'https://client.example.com/cb?code=SplxlOBeZQQYbYS6WxSbIA'
     error_wrongstate = 'https://client.example.com/cb?code=SplxlOBeZQQYbYS6WxSbIA&state=abc'
-    error_response = 'https://client.example.com/cb?error=access_denied&state=xyz'
+    error_denied = 'https://client.example.com/cb?error=access_denied&state=xyz'
+    error_invalid = 'https://client.example.com/cb?error=invalid_request&state=xyz'
 
     implicit_base = 'https://example.com/cb#access_token=2YotnFZFEjr1zCsicMWpAA&scope=abc&'
     implicit_response = implicit_base + 'state={0}&token_type=example&expires_in=3600'.format(state)
@@ -180,8 +181,10 @@ class ParameterTests(TestCase):
 
         self.assertRaises(MissingCodeError, parse_authorization_code_response,
                 self.error_nocode)
-        self.assertRaises(MissingCodeError, parse_authorization_code_response,
-                self.error_response)
+        self.assertRaises(AccessDeniedError, parse_authorization_code_response,
+                self.error_denied)
+        self.assertRaises(InvalidRequestFatalError, parse_authorization_code_response,
+                self.error_invalid)
         self.assertRaises(MismatchingStateError, parse_authorization_code_response,
                 self.error_nostate, state=self.state)
         self.assertRaises(MismatchingStateError, parse_authorization_code_response,
-- 
cgit v1.2.1