fix(backchannel): expose headers on slow_down errors (HTTP 429s)

pmalouin · pmalouin · commit 4fdcd26cd6a2 · 2025-09-17T14:46:01.000-04:00
diff --git a/auth0/exceptions.py b/auth0/exceptions.py
@@ -23,8 +23,8 @@ def __str__(self) -> str:
 
 
 class RateLimitError(Auth0Error):
-    def __init__(self, error_code: str, message: str, reset_at: int) -> None:
-        super().__init__(status_code=429, error_code=error_code, message=message)
+    def __init__(self, error_code: str, message: str, reset_at: int, headers: Any | None = None) -> None:
+        super().__init__(status_code=429, error_code=error_code, message=message, headers=headers)
         self.reset_at = reset_at
 
 
diff --git a/auth0/rest.py b/auth0/rest.py
@@ -289,6 +289,7 @@ def content(self) -> Any:
                     error_code=self._error_code(),
                     message=self._error_message(),
                     reset_at=reset_at,
+                    headers=self._headers,
                 )
             if self._error_code() == "mfa_required":
                 raise Auth0Error(
diff --git a/auth0/test/authentication/test_base.py b/auth0/test/authentication/test_base.py
@@ -158,6 +158,10 @@ def test_post_rate_limit_error(self, mock_request):
         self.assertEqual(context.exception.message, "desc")
         self.assertIsInstance(context.exception, RateLimitError)
         self.assertEqual(context.exception.reset_at, 9)
+        self.assertIsNotNone(context.exception.headers)
+        self.assertEqual(context.exception.headers["x-ratelimit-limit"], "3")
+        self.assertEqual(context.exception.headers["x-ratelimit-remaining"], "6")
+        self.assertEqual(context.exception.headers["x-ratelimit-reset"], "9")
 
     @mock.patch("requests.request")
     def test_post_rate_limit_error_without_headers(self, mock_request):
@@ -177,6 +181,8 @@ def test_post_rate_limit_error_without_headers(self, mock_request):
         self.assertEqual(context.exception.message, "desc")
         self.assertIsInstance(context.exception, RateLimitError)
         self.assertEqual(context.exception.reset_at, -1)
+        self.assertIsNotNone(context.exception.headers)
+        self.assertEqual(context.exception.headers, {})
 
     @mock.patch("requests.request")
     def test_post_error_with_code_property(self, mock_request):
diff --git a/auth0/test/authentication/test_get_token.py b/auth0/test/authentication/test_get_token.py
@@ -6,7 +6,7 @@
 
 from cryptography.hazmat.primitives import asymmetric, serialization
 
-from ... import Auth0Error
+from ...exceptions import RateLimitError
 from ...authentication.get_token import GetToken
 
 
@@ -339,22 +339,22 @@ def test_backchannel_login(self, mock_post):
         )
 
     @mock.patch("requests.request")
-    def test_backchannel_login_headers_on_failure(self, mock_requests_request):
+    def test_backchannel_login_headers_on_slow_down(self, mock_requests_request):
         response = requests.Response()
-        response.status_code = 400
+        response.status_code = 429
         response.headers = {"Retry-After": "100"}
         response._content = b'{"error":"slow_down"}'
         mock_requests_request.return_value = response
 
         g = GetToken("my.domain.com", "cid", client_secret="csec")
 
-        with self.assertRaises(Auth0Error) as context:
+        with self.assertRaises(RateLimitError) as context:
             g.backchannel_login(
                 auth_req_id="reqid",
                 grant_type="urn:openid:params:grant-type:ciba",
             )
         self.assertEqual(context.exception.headers["Retry-After"], "100")
-        self.assertEqual(context.exception.status_code, 400)
+        self.assertEqual(context.exception.status_code, 429)
 
     @mock.patch("auth0.rest.RestClient.post")
     def test_connection_login(self, mock_post):
diff --git a/auth0/test/management/test_rest.py b/auth0/test/management/test_rest.py
@@ -278,6 +278,10 @@ def test_get_rate_limit_error(self, mock_request):
         self.assertEqual(context.exception.message, "message")
         self.assertIsInstance(context.exception, RateLimitError)
         self.assertEqual(context.exception.reset_at, 9)
+        self.assertIsNotNone(context.exception.headers)
+        self.assertEqual(context.exception.headers["x-ratelimit-limit"], "3")
+        self.assertEqual(context.exception.headers["x-ratelimit-remaining"], "6")
+        self.assertEqual(context.exception.headers["x-ratelimit-reset"], "9")
 
         self.assertEqual(rc._metrics["retries"], 0)
 
@@ -300,6 +304,8 @@ def test_get_rate_limit_error_without_headers(self, mock_request):
         self.assertEqual(context.exception.message, "message")
         self.assertIsInstance(context.exception, RateLimitError)
         self.assertEqual(context.exception.reset_at, -1)
+        self.assertIsNotNone(context.exception.headers)
+        self.assertEqual(context.exception.headers, {})
 
         self.assertEqual(rc._metrics["retries"], 1)
 

Original file line number	Diff line number	Diff line change
`@@ -289,6 +289,7 @@ def content(self) -> Any:`
`289`	`289`	`error_code=self._error_code(),`
`290`	`290`	`message=self._error_message(),`
`291`	`291`	`reset_at=reset_at,`
	`292`	`+ headers=self._headers,`
`292`	`293`	`)`
`293`	`294`	`if self._error_code() == "mfa_required":`
`294`	`295`	`raise Auth0Error(`