Improved error handling in authorization logic.

shrihari-prakash · Oct 27, 2023 · 25b5667 · 25b5667
1 parent 042d97b
commit 25b5667
Showing 1 changed file with 14 additions and 2 deletions.
diff --git a/src/service/api/oauth/authorize.all.ts b/src/service/api/oauth/authorize.all.ts
@@ -64,10 +64,22 @@ async function ALL__Authorize(req: Request, res: Response, next: NextFunction) {
       return res.json({ code: code.authorizationCode, state: (req.query.state as string) || uuidv4() });
     }
   } catch (error: any) {
+    const redirectUri = new URL(req.query.redirect_uri as string);
+    redirectUri.searchParams.append("state", req.query.state as string);
     if (!error.name) {
-      return res.json({ error: "unknown_error" });
+      if (Configuration.get("oauth.authorization.enable-redirect")) {
+        redirectUri.searchParams.append("error", "server_error");
+        redirectUri.searchParams.append("error_description", "Server error");
+        return res.redirect(redirectUri.toString());
+      }
+      return res.json({ error: "server_error" });
+    }
+    if (Configuration.get("oauth.authorization.enable-redirect")) {
+      redirectUri.searchParams.append("error", error.name);
+      redirectUri.searchParams.append("error_description", error.message);
+      return res.redirect(redirectUri.toString());
     }
-    res.status(statusCodes.unauthorized).json({ error: error.name, error_description: error.message });
+    return res.status(statusCodes.unauthorized).json({ error: error.name, error_description: error.message });
   }
 }