Oauth authorization fail produce a generic error message

[wayglem]

Q	A
Bug or feature request?	Bug
Which Swagger/OpenAPI version?	any
Which Swagger-UI version?	3.7.0
How did you install Swagger-UI?	yes
Which browser & version?	Firefox 56
Which operating system?	Linux/Ubuntu

Expected Behavior

When using oauth access_code but it's probably the same for authorization code.
User clicks on Authrorize button and an oauth error occurs (for exmaple unknown client_id).
The authorization server shall informs the client by redirecting to the redirect URI and adding an error query parameter (optionally error_description and error_uri too). c.f RFC
User should see those information when back to swagger-ui in the error message.

Current Behavior

User only gets a harcoded error message

Authorization failed: no accessCode received from the server

Possible Solution

It's possible to get the error, error_description and error_uri in the query params of oauth-redirect page. I can make a PR if someone can confirm that the oauth-redirect.html file is not generated (never worked on react)

[shockey]

Hi @wayglem!

I can make a PR if someone can confirm that the oauth-redirect.html file is not generated (never worked on react)

You're correct: dist/oauth2-redirect.html is not generated 😄 looking forward to a PR!

[antechrestos]

@shockey : is this still ok for you? @wayglem made a PR but no news from your side.
If we miss something, please tell us what we need to do to comply with your requirements.

Thanks 😄

[DonMartin76]

This is unfortunately still not working correctly for the client_credentials flow; fn.fetch throws an error and because of this the user just gets a generic "Error: Unauthorized" or "Error: Bad Request" if e.g. the Authorization Server answers with a 401 or 400 (which is according to the spec).

I will create a PR on this.