coder · Emyrk · Jan 10, 2024 · Jan 10, 2024 · Jan 10, 2024
diff --git a/coderd/externalauth/externalauth.go b/coderd/externalauth/externalauth.go
@@ -321,7 +321,14 @@ func (c *DeviceAuth) AuthorizeDevice(ctx context.Context) (*codersdk.ExternalAut
 	}
 	err = json.NewDecoder(resp.Body).Decode(&r)
 	if err != nil {
-		return nil, err
+		// Some status codes do not return json payloads, and we should
+		// return a better error.
+		switch resp.StatusCode {
+		case http.StatusTooManyRequests:
+			return nil, fmt.Errorf("rate limit hit, unable to authorize device. please try again later")
+		default:
+			return nil, err
+		}
 	}
 	if r.ErrorDescription != "" {
 		return nil, xerrors.New(r.ErrorDescription)

diff --git a/coderd/externalauth_test.go b/coderd/externalauth_test.go
@@ -279,6 +279,28 @@ func TestExternalAuthDevice(t *testing.T) {
 		require.NoError(t, err)
 		require.True(t, auth.Authenticated)
 	})
+	t.Run("TooManyRequests", func(t *testing.T) {
+		t.Parallel()
+		srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			w.WriteHeader(http.StatusTooManyRequests)
+			// Github returns an html payload for this error.
+			_, _ = w.Write([]byte(`Please wait a few minutes before you try again`))
+		}))
+		defer srv.Close()
+		client := coderdtest.New(t, &coderdtest.Options{
+			ExternalAuthConfigs: []*externalauth.Config{{
+				ID: "test",
+				DeviceAuth: &externalauth.DeviceAuth{
+					ClientID: "test",
+					CodeURL:  srv.URL,
+					Scopes:   []string{"repo"},
+				},
+			}},
+		})
+		coderdtest.CreateFirstUser(t, client)
+		_, err := client.ExternalAuthDeviceByID(context.Background(), "test")
+		require.ErrorContains(t, err, "rate limit hit")
+	})
 }
 
 // nolint:bodyclose