dahlia / hollo

Federated single-user microblogging software
https://docs.hollo.social/
GNU Affero General Public License v3.0
236 stars 16 forks source link

Ensure /oauth/token endpoint returns OAuth 2 conformant errors #49

Open ThisIsMissEm opened 1 month ago

ThisIsMissEm commented 1 month ago

Currently it can return Zod errors for request input validation, per https://github.com/dahlia/hollo/pull/47#discussion_r1813129826

Example response:

{
  "error": "Invalid request",
  "zod_error": {
    "issues": [
      {
        "expected": "'authorization_code' | 'client_credentials'",
        "received": "undefined",
        "code": "invalid_type",
        "path": [
          "grant_type"
        ],
        "message": "Required"
      }
    ],
    "name": "ZodError"
  }
}

Doesn't conform to:

interface ErrorResponse {
  error: string;
  error_description?: string;
  error_uri?: string;
}

Per https://datatracker.ietf.org/doc/html/rfc6749#section-5.2

ThisIsMissEm commented 1 month ago

So for OAuth endpoints we may not be able to validate via Zod?

dahlia commented 4 weeks ago

We may not be able to utilize zValidator(), but we would be able to manually call Zod in the handler.