Pull request overview
This pull request implements a comprehensive OAuth error handling system that provides user-friendly error pages for browser requests while maintaining JSON responses for API clients. The changes standardize error responses across the OAuth authorization flow and improve the user experience when authorization errors occur.
Changes:
- Added a new OAuth error page (`/oauth/error`) that displays user-friendly error messages with appropriate styling and navigation options
- Implemented browser vs API request detection to serve HTML error pages to browsers and JSON responses to API clients
- Standardized error response format to use `error` and `error_description` fields consistently across the OAuth flow
Reviewed changes
Copilot reviewed 6 out of 6 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| app/oauth/error/page.tsx | New error page component that displays OAuth errors with user-friendly messages and error code display |
| app/oauth/error/back-button.tsx | Client-side back button component for navigation away from error page |
| app/api/oauth/authorize/route.ts | Updated authorization endpoint with browser detection and centralized error response handling via new helper functions |
| e2e/oauth/error-page.spec.ts | Comprehensive end-to-end tests covering browser requests, API requests, and direct error page access |
| e2e/oauth/public-client.spec.ts | Updated test assertions to match new standardized error response format |
| e2e/oauth/oidc.spec.ts | Updated test assertions to match new standardized error response format |
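
The browser-versus-API split and the error page's handling of `error` and `error_description`, sketched as an added example that is not code from this pull request. The helper names, the `Accept`-header check, the length cap and every message except the `invalid_client` default are assumptions.

```typescript
// Added example (not the PR's code). Helper names are hypothetical; only
// /oauth/error, error and error_description come from the page.
type OAuthErrorResult =
  | { kind: "redirect"; status: 302; location: string }
  | { kind: "json"; status: number; body: { error: string; error_description: string } };

// Default messages per error code. A Map avoids prototype keys such as
// "constructor" resolving to something other than a message.
const DEFAULT_MESSAGES = new Map<string, string>([
  ["invalid_client", "The client identifier is invalid or not found."],
  ["invalid_request", "The authorization request is malformed."], // constructed
]);
const GENERIC_MESSAGE = "An authorization error occurred."; // constructed

// Assumption: a request is a browser navigation when Accept lists text/html.
function wantsHtml(accept: string | null): boolean {
  if (!accept) return false;
  return accept.split(",").some((p) => p.trim().toLowerCase().startsWith("text/html"));
}

// Browsers are sent to the error page; API clients get the JSON body.
function oauthErrorResult(
  accept: string | null, error: string, description: string, status: number,
): OAuthErrorResult {
  if (wantsHtml(accept)) {
    const qs = `error=${encodeURIComponent(error)}` +
      `&error_description=${encodeURIComponent(description)}`;
    return { kind: "redirect", status: 302, location: `/oauth/error?${qs}` };
  }
  return { kind: "json", status, body: { error, error_description: description } };
}

// Error-page side: the page can be opened directly, so both query values are
// untrusted. Validate the code's shape, strip control characters, cap the
// length, and render the result as plain text only.
function resolveErrorPageText(
  params: { error?: string; error_description?: string },
): { code: string; message: string } {
  const raw = params.error ?? "";
  const code = /^[a-z_]{1,40}$/.test(raw) ? raw : "unknown_error";
  const description = (params.error_description ?? "")
    .replace(/[\u0000-\u001f\u007f]/g, "")
    .slice(0, 200)
    .trim();
  // A supplied description overrides the default, as the review comment notes.
  return { code, message: description || DEFAULT_MESSAGES.get(code) || GENERIC_MESSAGE };
}
```
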
| <button | ||
| onClick={() => window.history.back()} | ||
| className="text-sm text-primary hover:underline" | ||
| > | ||
| ← Go Back | ||
| </button> |
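Review bot: `window.history.back()` in the `onClick` handler does nothing when the error page is opened directly with no earlier history entry, so the button is dead in the direct-access case the e2e tests cover. Consider falling back to a fixed link when there is no history to return to, and add `type="button"` so the element never acts as a submit button if it is later placed inside a form.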
The back button should use the UI Button component from "@/components/ui/button" for consistency with the rest of the codebase. All other interactive buttons in the application use this component, which provides proper styling, accessibility features, and consistent behavior. Consider importing and using the Button component with variant="ghost" or variant="link" to match the intended styling.
||
| if (!client) { | ||
| return NextResponse.json({ error: "Invalid client_id" }, { status: 400 }); | ||
| return errorResponse(request, "invalid_client", "Client not found", 400); |
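Review bot: the `invalid_client` code on the `if (!client)` branch is the token-endpoint error code from RFC 6749 section 5.2; the authorization-endpoint codes in section 4.1.2.1 do not include it. Since this is the authorize route, either use `invalid_request` here or add a short comment recording that `invalid_client` is a deliberate choice, so API clients that branch on the `error` value know what to expect.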
The error description "Client not found" is inconsistent with the default error message for "invalid_client" defined in the error page component, which says "The client identifier is invalid or not found." Consider using a consistent message by either:
- Changing this to "The client identifier is invalid or not found" to match the default message
- Or update the default message in the error page to match this shorter version
Note that when an error_description is provided in the errorResponse call, it overrides the default message in the error page, so these inconsistencies will be visible to users.
| return errorResponse(request, "invalid_client", "Client not found", 400); | |
| return errorResponse( | |
| request, | |
| "invalid_client", | |
| "The client identifier is invalid or not found.", | |
| 400 | |
| ); |