oauth2: Share error details with redirect fallback (#982)

Closes #974 Signed-off-by: arekkas <aeneas@ory.am>
ory · Aug 8, 2018 · 123e37e · 123e37e
1 parent 0b722b9
commit 123e37e
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 1 deletion.
diff --git a/cmd/server/handler_oauth2_factory.go b/cmd/server/handler_oauth2_factory.go
@@ -196,6 +196,7 @@ func newOAuth2Handler(c *config.Config, frontend, backend *httprouter.Router, cm
 		AccessTokenJWTStrategy: accessTokenJWTStrategy,
 		AccessTokenStrategy:    c.OAuth2AccessTokenStrategy,
 		IDTokenLifespan:        c.GetIDTokenLifespan(),
+		ShareOAuth2Debug:       c.SendOAuth2DebugMessagesToClients,
 	}
 
 	handler.SetRoutes(frontend, backend)

diff --git a/oauth2/handler.go b/oauth2/handler.go
@@ -638,8 +638,13 @@ func (h *Handler) writeAuthorizeError(w http.ResponseWriter, ar fosite.Authorize
 		query := redirectURI.Query()
 		query.Add("error", rfcerr.Name)
 		query.Add("error_description", rfcerr.Description)
-		redirectURI.RawQuery = query.Encode()
+		query.Add("error_hint", rfcerr.Hint)
+
+		if h.ShareOAuth2Debug {
+			query.Add("error_debug", rfcerr.Debug)
+		}
 
+		redirectURI.RawQuery = query.Encode()
 		w.Header().Add("Location", redirectURI.String())
 		w.WriteHeader(http.StatusFound)
 		return

diff --git a/oauth2/handler_struct.go b/oauth2/handler_struct.go
@@ -60,4 +60,6 @@ type Handler struct {
 	ClaimsSupported  string
 	ScopesSupported  string
 	UserinfoEndpoint string
+
+	ShareOAuth2Debug bool
 }