From c27f721c3ecfccd2eecaf55309a90080747f320d Mon Sep 17 00:00:00 2001
From: Quentin Gliech
Date: Wed, 6 Apr 2022 17:00:20 +0200
Subject: [PATCH] Return proper errors on the OAuth token endpoint
---
 crates/handlers/src/oauth2/token.rs | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)
diff --git a/crates/handlers/src/oauth2/token.rs b/crates/handlers/src/oauth2/token.rs
index ff0eb47f9..2fde3d522 100644
--- a/crates/handlers/src/oauth2/token.rs
+++ b/crates/handlers/src/oauth2/token.rs
@@ -45,6 +45,7 @@ use mas_storage::{
 DatabaseInconsistencyError, PostgresqlBackend,
 };
 use oauth2_types::{
+ errors::{INVALID_CLIENT, INVALID_GRANT, INVALID_REQUEST, SERVER_ERROR, UNAUTHORIZED_CLIENT},
 requests::{
 AccessTokenRequest, AccessTokenResponse, AuthorizationCodeGrant, RefreshTokenGrant,
 },
@@ -108,8 +109,20 @@ impl From for RouteError {
 impl IntoResponse for RouteError {
 fn into_response(self) -> axum::response::Response {
- // TODO
- StatusCode::INTERNAL_SERVER_ERROR.into_response()
+ match self {
+ Self::Internal(_) | Self::Anyhow(_) => {
+ (StatusCode::INTERNAL_SERVER_ERROR, Json(SERVER_ERROR))
+ }
+ Self::BadRequest => (StatusCode::BAD_REQUEST, Json(INVALID_REQUEST)),
+ Self::ClientNotFound | Self::ClientCredentialsVerification(_) => {
+ (StatusCode::UNAUTHORIZED, Json(INVALID_CLIENT))
+ }
+ Self::ClientNotAllowed | Self::UnauthorizedClient => {
+ (StatusCode::UNAUTHORIZED, Json(UNAUTHORIZED_CLIENT))
+ }
+ Self::InvalidGrant => (StatusCode::BAD_REQUEST, Json(INVALID_GRANT)),
+ }
+ .into_response()
 }
 }
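Review bot: The `Self::ClientNotAllowed | Self::UnauthorizedClient` arm in `into_response` answers `unauthorized_client` with 401, but RFC 6749 §5.2 only allows 401 for `invalid_client` and uses 400 for the other token-endpoint errors, so a client that keys re-authentication on the status code may misread it; consider `Self::ClientNotAllowed | Self::UnauthorizedClient => (StatusCode::BAD_REQUEST, Json(UNAUTHORIZED_CLIENT)),`. The remaining 401 arm for `INVALID_CLIENT` sends no `WWW-Authenticate` header, which that section requires when the client authenticated through the `Authorization` header. Separately, the `Self::Internal(_) | Self::Anyhow(_)` arm discards the wrapped error: keeping it out of the response body is right, but unless a layer outside this hunk already records it, logging it here before returning `SERVER_ERROR` would keep failures on this endpoint visible to operators.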