From f15de038fe0293afd0263e796285153da36ce2b1 Mon Sep 17 00:00:00 2001
From: Konstantin Wohlwend
Date: Mon, 13 Jan 2025 10:25:07 -0800
Subject: [PATCH] More descriptive error message when invalid scopes are requested
---
 .../api/v1/auth/oauth/callback/[provider_id]/route.tsx | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/apps/backend/src/app/api/v1/auth/oauth/callback/[provider_id]/route.tsx b/apps/backend/src/app/api/v1/auth/oauth/callback/[provider_id]/route.tsx
index ec987200d..d4f73e0db 100644
--- a/apps/backend/src/app/api/v1/auth/oauth/callback/[provider_id]/route.tsx
+++ b/apps/backend/src/app/api/v1/auth/oauth/callback/[provider_id]/route.tsx
@@ -11,7 +11,7 @@ import { KnownError, KnownErrors } from "@stackframe/stack-shared";
 import { ProjectsCrud } from "@stackframe/stack-shared/dist/interface/crud/projects";
 import { yupMixed, yupNumber, yupObject, yupString } from "@stackframe/stack-shared/dist/schema-fields";
 import { StackAssertionError, StatusError, captureError } from "@stackframe/stack-shared/dist/utils/errors";
-import { extractScopes } from "@stackframe/stack-shared/dist/utils/strings";
+import { deindent, extractScopes } from "@stackframe/stack-shared/dist/utils/strings";
 import { cookies } from "next/headers";
 import { redirect } from "next/navigation";
 import { oauthResponseToSmartResponse } from "../../oauth-helpers";
@@ -326,7 +326,11 @@ const handler = createSmartRouteHandler({
 // which scopes are being requested, and by whom?
 // I think this is a bug in the client? But just to be safe, let's log an error to make sure that it is not our fault
 // TODO: remove the captureError once you see in production that our own clients never trigger this
- captureError("outer-oauth-callback-invalid-scope", new StackAssertionError("A client requested an invalid scope. Is this a bug in the client, or our fault?", { outerInfo, cause: error }));
+ captureError("outer-oauth-callback-invalid-scope", new StackAssertionError(deindent`
+ A client requested an invalid scope. Is this a bug in the client, or our fault?
+
+ Scopes requested: ${oauthRequest.query?.scope}
+ `, { outerInfo, cause: error, scopes: oauthRequest.query?.scope }));
 throw new StatusError(400, "Invalid scope requested. Please check the scopes you are requesting.");
 }
 throw error;
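Review bot: The added template literal puts `oauthRequest.query?.scope` into the `StackAssertionError` message and the `scopes` extra with no length cap or escaping, although the value comes from the requesting client and this branch has already judged it invalid. Where `captureError` sends the error is not visible here, but an oversized or newline-bearing scope string could bloat the captured event or make one entry look like several, and a message that differs per request presumably splits grouping in the error tracker. I would bound and quote the value once, `const requestedScope = JSON.stringify(oauthRequest.query?.scope ?? null).slice(0, 256);`, and use `requestedScope` in both the message and `scopes`; this also avoids the literal text `undefined` when `query` is absent. The enclosing handler starts and ends outside the hunk, so whether `scope` is validated earlier cannot be confirmed from these lines.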