ℹ️ If you have a question, please post it on the Okta Developer Forum instead. Issues in this repository are reserved for bug reports and feature requests only.

I'm submitting a

• bug report
• feature request

Background info

We use a gateway that monitors the traffic to the actual login APIs to block malicious actors. When that happens, the call returns as an HTTP 4xx error with no payload.
But OKTA SDK expects to always have a payload with errorCode when a failure is encountered, so DefaultAuthenticationClient.translateException() will throw a NullPointerException

Expected behavior

The SDK should gracefully handle the no-payload scenario and ideally returns the HTTP code so the app can handle it appropriately (e.g. logs the user out if it's blocked by the gateway for security reasons, show an error message if it's HTTP 500, etc)

What went wrong?

See Background info

Steps to reproduce

1. Use Charles to intercept one of the API calls
2. Change HTTP status code to 4xx, and remove the payload
3. A NullPointerException is thrown by AuthenticationClient.authenticate()

SDK Version

2.0.2