improve error handling

src/main.rs

@@ -132,26 +132,8 @@ async fn login_page_endpoint(req: Request<AppState>) -> tide::Result {
         .config
         .clients
         .get(&query.client_id)
-        .ok_or(OAuthError::new("invalid_client", "Unknown client"))?;
+        // only devs should see this error
-
+        .ok_or(OAuthError::new("invalid_client", "Unrecognized client"))?;
-    // check redirect uri validity
-    if client
-        .redirect_uris
-        .iter()
-        .all(|r| r.as_str() != query.redirect_uri)
-    {
-        return Err(OAuthError::new("invalid_redirect", "").into());
-    }
-
-    if query.response_type != "code" {
-        return redirect_with_query(
-            query.redirect_uri.as_str(),
-            &[
-                ("state", query.state.as_deref()),
-                ("error", Some("unsupported_response_type")),
-            ],
-        );
-    }
 
     Ok(render_login_page(
         &client.name,
@@ -186,8 +168,13 @@ async fn authorize_endpoint(mut req: Request<AppState>) -> tide::Result {
         .iter()
         .all(|r| r.as_str() != query.redirect_uri)
     {
-        // only devs should see this error
+        let mut login_page = render_login_page(
-        return Err(OAuthError::new("invalid_redirect", "").into());
+            &client.name,
+            &req.state().config.issuer_name,
+            "Invalid redirect (contact developer)",
+        );
+        login_page.set_status(400);
+        return Ok(login_page);
     }
 
     if query.response_type != "code" {