fix: handle empty OIDC response

[leoshusar]

Description

Fixes exception when OIDC endpoint returns empty body.

Type of Change

• ✨ New feature (non-breaking change which adds functionality)
• 🛠️ Bug fix (non-breaking change which fixes an issue)
• ❌ Breaking change (fix or feature that would cause existing functionality to change)
• 🧹 Code refactor
• ✅ Build configuration change
• 📝 Documentation
• 🗑️ Chore

Summary by CodeRabbit

• Bug Fixes
  • Improved handling of empty responses from OIDC endpoints to prevent failures when response bodies are empty, improving stability and error resilience.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: abf3701d-da64-4803-8033-7537a0574311

📥 Commits

Reviewing files that changed from the base of the PR and between 0317966 and 2751b84.

📒 Files selected for processing (1)

• packages/oidc_core/lib/src/endpoints/facade.dart

🚧 Files skipped from review as they are similar to previous changes (1)

• packages/oidc_core/lib/src/endpoints/facade.dart

---

📝 Walkthrough

Walkthrough

The _handleResponseRaw method now trims and checks the response body before decoding JSON; if the body is empty it uses an empty Map<String, dynamic> instead of attempting to decode response.bodyBytes. Control flow for error fields and status codes is unchanged.

Changes

Cohort / File(s)	Summary
Empty Response Body Guard packages/oidc_core/lib/src/endpoints/facade.dart	Trimmed and guarded response body decoding: if the trimmed body is empty, use an empty Map<String, dynamic>; otherwise decode JSON from response.bodyBytes. Existing error-field and status-code checks remain unchanged.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Poem

🐰 A hush where bytes once liked to play,
I peek, I trim, I clear the way—
No JSON fight, no frantic cry,
An empty map waves soft goodbye.
Hop, patch, and back to the rye. 🥕

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'fix: handle empty OIDC response' accurately and concisely summarizes the main change in the pull request: handling empty response bodies from OIDC endpoints.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@packages/oidc_core/lib/src/endpoints/facade.dart`:
- Around line 34-36: The current assignment for `body` only checks
`response.bodyBytes.isNotEmpty` and will attempt `jsonDecode` on whitespace-only
payloads; update the logic in the `body` assignment to first decode
`response.bodyBytes` to a UTF-8 string, then check `decoded.trim().isNotEmpty`
before calling `jsonDecode`, otherwise return an empty `Map<String, dynamic>`;
this change touches the `body` variable construction that references
`response.bodyBytes` and `jsonDecode`.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 7c47d8df-667b-470e-b4fa-5cfbcab0931b

📥 Commits

Reviewing files that changed from the base of the PR and between f27fe3c and 0317966.

📒 Files selected for processing (1)

• packages/oidc_core/lib/src/endpoints/facade.dart

[ahmednfwela]

is this causing a bug that is not handled by the current try catch approach?

[leoshusar]

Yes, sorry, could've mentioned it.

I'm trying to call revokeRefreshToken and revokeAccessToken.
When I get an empty body from /revoke, the jsonDecode throws an exception, which is caught by the catch-all catch (e, st) handler, which then throws OidcException, even though the response is 200 OK.