Fix the issue https://github.com/wso2/product-is/issues/21192

[DMHP]

Proposed changes in this pull request

Fix Inconsistent Error Responses in Device Flow

When should this PR be merged

Immediately

Follow-up actions

• Add an integration test to cover this flow
• Add unit tests

Checklist (for reviewing)

General

• Is this PR explained thoroughly? All code changes must be accounted for in the PR description.
• Is the PR labeled correctly?

Functionality

• Are all requirements met? Compare implemented functionality with the requirements specification.
• Does the UI work as expected? There should be no Javascript errors in the console; all resources should load. There should be no unexpected errors. Deliberately try to break the feature to find out if there are corner cases that are not handled.

Code

• Do you fully understand the introduced changes to the code? If not ask for clarification, it might uncover ways to solve a problem in a more elegant and efficient way.
• Does the PR introduce any inefficient database requests? Use the debug server to check for duplicate requests.
• Are all necessary strings marked for translation? All strings that are exposed to users via the UI must be marked for translation.

Tests

• Are there sufficient test cases? Ensure that all components are tested individually; models, forms, and serializers should be tested in isolation even if a test for a view covers these components.
• If this is a bug fix, are tests for the issue in place? There must be a test case for the bug to ensure the issue won’t regress. Make sure that the tests break without the new code to fix the issue.
• If this is a new feature or a significant change to an existing feature? has the manual testing spreadsheet been updated with instructions for manual testing?

Security

• Confirm this PR doesn't commit any keys, passwords, tokens, usernames, or other secrets.
• Are all UI and API inputs run through forms or serializers?
• Are all external inputs validated and sanitized appropriately?
• Does all branching logic have a default case?
• Does this solution handle outliers and edge cases gracefully?
• Are all external communications secured and restricted to SSL?

Documentation

• Are changes to the UI documented in the platform docs? If this PR introduces new platform site functionality or changes existing ones, the changes should be documented.
• Are changes to the API documented in the API docs? If this PR introduces new API functionality or changes existing ones, the changes must be documented.
• Are reusable components documented? If this PR introduces components that are relevant to other developers (for instance a mixin for a view or a generic form) they should be documented in the Wiki.

[codecov]

Codecov Report

Attention: Patch coverage is 46.66667% with 24 lines in your changes missing coverage. Please review.

Project coverage is 53.88%. Comparing base (61494ba) to head (0e81592).
Report is 70 commits behind head on master.

Files with missing lines	Patch %	Lines
.../identity/oauth2/device/dao/DeviceFlowDAOImpl.java	0.00%	12 Missing ⚠️
.../identity/oauth2/device/grant/DeviceFlowGrant.java	63.63%	9 Missing and 3 partials ⚠️

Additional details and impacted files

@@              Coverage Diff              @@
##             master    #2587       +/-   ##
=============================================
+ Coverage     41.99%   53.88%   +11.89%     
- Complexity     6005     8504     +2499     
=============================================
  Files           601      632       +31     
  Lines         44553    50603     +6050     
  Branches       7010     8533     +1523     
=============================================
+ Hits          18710    27268     +8558     
+ Misses        22382    19222     -3160     
- Partials       3461     4113      +652     

Flag	Coverage Δ
unit	38.08% <46.66%> (?)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[Thumimku]

We already imported

org.wso2.carbon.identity.oauth2.device.constants.Constants

in line 36.

We don't need to import this static constant, we can directly use

Constants.SLOW_DOWN

[Thumimku]

we don't need this line right?

[DMHP]

As we need to pass it here, https://github.com/wso2-extensions/identity-inbound-auth-oauth/pull/2587/files#diff-04c8d9d96bce4315cd10faf6cee77e67804ef26f765ac63eda3f36ab5767b945R80 we need to specify here.

[Thumimku]

this catch block don't get execute after line 76, cause handleInvalidRequests method throws identityOAuthException anyway.

[Thumimku]

can improve the code with said comments, LGTM. Let's run integration tests for safe side.

[DMHP]

This PR contains a basic set of unit tests to cover the flow I added. However, this flow requires comprehensive unit tests to cover the whole flow. I will work on improving those.

[shashimalcse]

cant we move near to other DOs