Skip to content

feat: raise NoOverkizUserError for RESOURCE_ACCESS_DENIED "No such user account"#2178

Merged
iMicknl merged 1 commit into
mainfrom
feat/no-overkiz-user-error
Jul 8, 2026
Merged

feat: raise NoOverkizUserError for RESOURCE_ACCESS_DENIED "No such user account"#2178
iMicknl merged 1 commit into
mainfrom
feat/no-overkiz-user-error

Conversation

@iMicknl

@iMicknl iMicknl commented Jul 8, 2026

Copy link
Copy Markdown
Owner

Summary

A valid Somfy account can authenticate via OAuth yet be rejected on the first authenticated Overkiz call (e.g. POST events/register during login()) with:

HTTP 403
{ "errorCode": "RESOURCE_ACCESS_DENIED", "error": "No such user account : <email>" }

This happens because the plain SSO token is not bound to an Overkiz user on the classic single-endpoint host — these accounts need the site-scoped multi-account flow. Previously this fell through to a bare ResourceAccessDeniedError, which downstream (Home Assistant) surfaces as a generic "unknown error" + logged stack trace.

Change

  • New NoOverkizUserError(ResourceAccessDeniedError) exception.
  • Mapped in the primary dispatch only under RESOURCE_ACCESS_DENIED, so the existing AUTHENTICATION_ERROR + "No such user account" → UnknownUserError login path (unsupported-hardware / Somfy Protect) is untouched.
  • Test + fixture built from the real captured 403 response (email redacted).

Why not UnknownUserError?

UnknownUserError means unsupported hardware (Somfy Protect / no supported devices). These multi-account Somfy accounts do have serviceable devices — they just require the site-scoped flow. Reusing UnknownUserError would tell users their hardware is unsupported and steer them away from the flow that actually works.

Follow-up (not in this PR)

Home Assistant's config flow can catch NoOverkizUserError on the classic Server.SOMFY_EUROPE path to point users at the multi-account login. That belongs with the Somfy multi-account work.

…er account"

A valid Somfy account can authenticate via OAuth yet be rejected on the first
authenticated Overkiz call (e.g. POST events/register during login) with a 403
RESOURCE_ACCESS_DENIED "No such user account" — because the plain SSO token is
not bound to an Overkiz user on the classic endpoint. These accounts need the
site-scoped multi-account flow.

Previously this fell through to a bare ResourceAccessDeniedError. Add a
dedicated NoOverkizUserError subclass, mapped only under RESOURCE_ACCESS_DENIED
so the existing AUTHENTICATION_ERROR "No such user account" -> UnknownUserError
login path (unsupported-hardware / Somfy Protect) is unchanged.
@github-actions github-actions Bot added the feature New feature or capability label Jul 8, 2026
@iMicknl iMicknl marked this pull request as ready for review July 8, 2026 15:00
@iMicknl iMicknl requested a review from tetienne as a code owner July 8, 2026 15:00
Copilot AI review requested due to automatic review settings July 8, 2026 15:00

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot was unable to review this pull request because the user who requested the review has reached their quota limit.

@iMicknl iMicknl merged commit 4f6624c into main Jul 8, 2026
11 checks passed
@iMicknl iMicknl deleted the feat/no-overkiz-user-error branch July 8, 2026 22:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

feature New feature or capability

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants