Describe the bug
Fetching user info (FetchUserInfo) with an expired refresh token returns a string error with JSON inside. The problem is - it's super generic and compared to the audit logs in the Logto dashboard it provides 0 explanation as to what is happening and how to handle it.
core/parse_response.go contains the parseDataFromResponse function, which returns:
fmt.Errorf("unexpected status code: %d, response body: %s", response.StatusCode, body)
unexpected status code: 400, response body: {\"code\":\"oidc.invalid_grant\",\"message\":\"Grant request is invalid.\",\"error_uri\":\"https://openid.sh/debug/invalid_grant\",\"error\":\"invalid_grant\",\"error_description\":\"grant request is invalid\"}"}
This essentially produces a 500 error on my end because I can't use errors.Is (like with ErrNotAuthenticated), and even with string matching there's no relevant info that I can use to make a good UX decision.
I'm not an expert with Logto/OIDC and all that, but it feels like I can't just assume that this means an expired refresh token as the error article says it can mean a bunch of things.
So how do I approach this?
Expected behavior
Errors that the SDK produces should be handleable, this is especially relevant for errors that the SDK consumer can convert into user actions (i.e. re-login).
How to reproduce?
Call FetchUserInfo with an expired refresh token.
Environment
Self-hosted (Docker image)
Screenshots
No response
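One way the error described in this issue could be surfaced as a typed value that works with errors.Is and errors.As, as an added example that is not code from the Logto SDK. OIDCError, ErrInvalidGrant, ErrorFromResponse and NeedsReLogin are hypothetical names, the sample body is constructed, and mapping invalid_grant to "sign in again" is an assumption about the caller's policy.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// OIDCError is a hypothetical typed error; it is not part of the Logto Go SDK.
type OIDCError struct {
	StatusCode  int    `json:"-"`
	Code        string `json:"error"` // RFC 6749 section 5.2 error code
	Description string `json:"error_description"`
}

func (e *OIDCError) Error() string {
	return fmt.Sprintf("oidc error %q (HTTP %d): %s", e.Code, e.StatusCode, e.Description)
}

// Is makes errors.Is compare by error code, so sentinels match through wrapping.
func (e *OIDCError) Is(target error) bool {
	t, ok := target.(*OIDCError)
	return ok && t.Code == e.Code
}

// ErrInvalidGrant is a hypothetical sentinel for use with errors.Is.
var ErrInvalidGrant = &OIDCError{Code: "invalid_grant"}

// ErrorFromResponse (hypothetical) returns a typed error when the body is an
// OIDC error object, and falls back to the generic string error otherwise.
func ErrorFromResponse(status int, body []byte) error {
	oe := &OIDCError{StatusCode: status}
	if err := json.Unmarshal(body, oe); err != nil || oe.Code == "" {
		return fmt.Errorf("unexpected status code: %d, response body: %s", status, body)
	}
	return oe
}

// NeedsReLogin reports whether the caller should discard the session and
// send the user through sign-in again instead of answering with a 500.
func NeedsReLogin(err error) bool {
	return errors.Is(err, ErrInvalidGrant)
}

func main() {
	// Constructed sample, shaped like the response body quoted in the issue.
	body := []byte(`{"code":"oidc.invalid_grant","error":"invalid_grant","error_description":"grant request is invalid"}`)
	err := fmt.Errorf("fetch user info: %w", ErrorFromResponse(400, body))
	fmt.Println(err, "| re-login:", NeedsReLogin(err))
}
```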