error in keyflow's RoundTrip is misleading

[hown3d]

We ran into an issue the other day to debug why requests to an API endpoint fail.
The SDK was configured to use the key flow authentication but failed to get an access token for the configured STACKIT service account key. The error looked something like this:

URL: "https://ske.api.eu01.dev.stackit.cloud/v1/projects/XXXXX-96d3-XXXX-a2a2-5eff15f63074/clusters/e2e-juqgdz4",
Err: <*fmt.wrapError | 0xc0004af380>{
     msg: "get new access token: , status code 400, Body: {\"timeStamp\":\"2024-08-08T14:37:03.450943101\",\"path\":\"/token\",\"status\":400,\"error\":\"Bad Request\",\"message\":\"Key with kid XXXXX-a8fb-4c18-ae5e-XXXXX was not found\"}\n",
     err: <*oapierror.GenericOpenAPIError | 0xc000884440>{
          StatusCode: 400,
          Body: "{\"timeStamp\":\"2024-08-08T14:37:03.450943101\",\"path\":\"/token\",\"status\":400,\"error\":\"Bad Request\",\"message\":\"Key with kid XXXXX-a8fb-4c18-ae5e-XXXXX was not found\"}",
          ErrorMessage: "",
          Model: nil,
      },
 },

The error returned is really misleading since the key flow authentication just returns a generic error in RoundTrip if the retrieval of an access token fails.

stackit-sdk-go/core/clients/key_flow.go

Lines 165 to 176 in 0c4f21e

	func (c *KeyFlow) RoundTrip(req *http.Request) (*http.Response, error) {
	if c.client == nil {
	return nil, fmt.Errorf("please run Init()")
	}
	accessToken, err := c.GetAccessToken()
	if err != nil {
	return nil, err
	}
	req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", accessToken))
	return c.doer(req)
	}

I would suspect to get a more meaningful error, maybe even a typed one, to look out for authentication problems.

[GokceGK]

Hi @hown3d,

thanks a lot for getting in touch with us and reporting the issue. We will verify the enhancement possibilities and apply them accordingly. We will inform you here about the progress.