fix: capture Auth0 error response in WIF token script (refs #127)

The set -e + curl --fail-with-body inside $() caused the script to exit with code 22 and empty stderr, hiding the actual Auth0 error. Switch to writing the body to a temp file and checking HTTP status manually so the error response is visible in logs. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-10 18:41:34 -06:00
parent a416f76c21
commit 7bba28154d
1 changed files with 10 additions and 5 deletions
--- a/ocr/scripts/fetch-auth0-token.sh
+++ b/ocr/scripts/fetch-auth0-token.sh
@@ -31,7 +31,10 @@ CLIENT_ID=$(cat "$CLIENT_ID_FILE" | tr -d '[:space:]')
 CLIENT_SECRET=$(cat "$CLIENT_SECRET_FILE" | tr -d '[:space:]')

 # Request M2M token from Auth0
-RESPONSE=$(curl -s --fail-with-body \
+# Write body to temp file, capture HTTP status code separately.
+# Avoids --fail-with-body + set -e which swallows errors inside $().
+BODY_FILE=$(mktemp)
+HTTP_CODE=$(curl -s -w '%{http_code}' -o "$BODY_FILE" \
  --request POST \
  --url "https://${AUTH0_DOMAIN}/oauth/token" \
  --header 'Content-Type: application/json' \
@@ -40,11 +43,13 @@ RESPONSE=$(curl -s --fail-with-body \
    \"client_secret\": \"${CLIENT_SECRET}\",
    \"audience\": \"${AUDIENCE}\",
    \"grant_type\": \"client_credentials\"
-  }")
+  }") || true
+RESPONSE=$(cat "$BODY_FILE")
+rm -f "$BODY_FILE"

-if [ $? -ne 0 ]; then
-  echo "Error: Auth0 token request failed" >&2
-  echo "$RESPONSE" >&2
+if [ "$HTTP_CODE" != "200" ]; then
+  echo "Error: Auth0 token request failed (HTTP $HTTP_CODE)" >&2
+  echo "Response: $RESPONSE" >&2
  exit 1
 fi