fix oidc federation e2e error assertions

.claude/CLAUDE-KNOWLEDGE.md

@@ -367,3 +367,6 @@ A: Invalid `tools` entries are rejected by `requestBodySchema` in `apps/backend/
 
 ## Q: Why did the internal metrics E2E snapshots need to change in April 2026?
 A: The `/api/v1/internal/metrics` response now intentionally includes `analytics_overview.daily_anonymous_visitors_fallback`, `analytics_overview.anonymous_visitors_fallback`, and `active_users_by_country`. Those additions are reflected in `packages/stack-shared/src/interface/admin-metrics.ts` and the backend route, so the E2E snapshots must include them instead of treating them as regressions.
+
+## Q: What body shape should E2E tests expect from backend `StatusError` responses?
+A: `StatusError.getBody()` returns the error message as a plain text response body with `Content-Type: text/plain; charset=utf-8`. E2E tests using `niceBackendFetch` should assert against `response.body` directly, for example `expect(response.body).toBe("invalid_grant")`, not `response.body.error`.

apps/e2e/tests/backend/endpoints/api/v1/auth/oidc-federation/exchange.test.ts

@@ -179,7 +179,7 @@ it("rejects when no trust policies are enabled", async ({ expect }) => {
   const token = await mockIdp.signToken({ sub: "workload-1" }, { audience: "anything" });
   const response = await postExchange({ subject_token: token, projectId });
   expect(response.status).toBe(400);
-  expect(response.body.error).toBe("invalid_grant");
+  expect(response.body).toBe("invalid_grant");
 });
 
 it("rejects when the audience doesn't match the policy", async ({ expect }) => {
@@ -217,7 +217,7 @@ it("rejects when a StringEquals claim condition fails", async ({ expect }) => {
   );
   const response = await postExchange({ subject_token: token, projectId });
   expect(response.status).toBe(400);
-  expect(response.body.error).toBe("invalid_grant");
+  expect(response.body).toBe("invalid_grant");
   expect(JSON.stringify(response.body)).not.toContain("StringEquals");
 });