logto-io · xiaoyijun · Jun 26, 2024 · Jun 26, 2024
@@ -6,6 +6,7 @@
 import { createLocalJWKSet, jwtVerify } from 'jose';
 import type { MiddlewareType, Request } from 'koa';
 import type { IMiddleware, IRouterParamContext } from 'koa-router';
+import { HTTPError } from 'ky';
 import { z } from 'zod';
 
 import { EnvSet } from '#src/env-set/index.js';
@@ -106,6 +107,16 @@
       throw error;
     }
 
+    /**
+     * Handle potential errors when ky makes requests during validation
+     * This may occur when fetching OIDC configuration from the oidc-config endpoint
+     * `TypeError`: typically thrown when the fetch operation fails (e.g., network issues)
+     * `HTTPError`: thrown by ky for non-2xx responses
+     */
+    if (error instanceof TypeError || error instanceof HTTPError) {
+      throw error;
+    }
+
     throw new RequestError({ code: 'auth.unauthorized', status: 401 }, error);
   }
 };