[feature] Add created_at and error_description to /oauth/token endpoint (#645)

* start fiddling about with oauth server * start returning more helpful errors from oauth * test helpful(ish) token errors * add missing license header
2025-06-05 21:59:39 +02:00 · 2022-06-11 10:39:39 +02:00
parent 2385b51d58
commit 694a490589
14 changed files with 411 additions and 30 deletions
--- a/internal/api/errorhandling.go
+++ b/internal/api/errorhandling.go
@ -125,3 +125,30 @@ func ErrorHandler(c *gin.Context, errWithCode gtserror.WithCode, instanceGet fun
 		genericErrorHandler(c, instanceGet, accept, errWithCode)
 	}
 }
+
+// OAuthErrorHandler is a lot like ErrorHandler, but it specifically returns errors
+// that are compatible with https://datatracker.ietf.org/doc/html/rfc6749#section-5.2,
+// but serializing errWithCode.Error() in the 'error' field, and putting any help text
+// from the error in the 'error_description' field. This means you should be careful not
+// to pass any detailed errors (that might contain sensitive information) into the
+// errWithCode.Error() field, since the client will see this. Use your noggin!
+func OAuthErrorHandler(c *gin.Context, errWithCode gtserror.WithCode) {
+	l := logrus.WithFields(logrus.Fields{
+		"path":  c.Request.URL.Path,
+		"error": errWithCode.Error(),
+		"help":  errWithCode.Safe(),
+	})
+
+	statusCode := errWithCode.Code()
+
+	if statusCode == http.StatusInternalServerError {
+		l.Error("Internal Server Error")
+	} else {
+		l.Debug("handling OAuth error")
+	}
+
+	c.JSON(statusCode, gin.H{
+		"error":             errWithCode.Error(),
+		"error_description": errWithCode.Safe(),
+	})
+}