Passing in unknown scopes causes the login to hang just prior to redirect

[crankycoder]

During testing with MozStumbler, I noticed that if I pass in an unknown scope - in this case 'mozstumbler', the login screen hangs after login. The button remains disabled and I have to cancel. It's not apparent that an error occured as no error message is shown.

I get the same behaviour if I include 'profile:avatar' instead of mozstumbler in the list of scopes.

The login URL I used was :

https://stable.dev.lcip.org/oauth/signin?client_id=d0f6d2ed3c5fcc3b&state=99&scope=profile:email%20profile:display_name%20mozstumbler&redirect_uri=http://mycallback_url_here

[jrgm]

So, the POST to 'https://oauth-stable.dev.lcip.org/v1/authorization' with that list of scopes correctly returns HTTP/1.1 400 Bad Request with {"code":400,"errno":114,"error":"Invalid scopes","message":"Invalid scopes","info":"https://github.com/mozilla/fxa-oauth-server/blob/master/docs/api.md#errors","invalidScopes":["mozstumbler"]}.

This is really a bug for fxa-content-server to handle presentation of the 400 error.

[crankycoder]

I've moved this bug over to fxa-content-server