error handling

pkg/op/error.go

@@ -2,6 +2,7 @@ package op
 
 import (
 	"net/http"
+	"net/url"
 
 	"github.com/caos/oidc/pkg/oidc"
 	"github.com/caos/oidc/pkg/utils"
@@ -92,20 +93,20 @@ func (e *OAuthError) AuthRequestResponse(w http.ResponseWriter, r *http.Request,
 		http.Error(w, e.Error(), http.StatusBadRequest)
 		return
 	}
-	url := authReq.GetRedirectURI()
+	callback := authReq.GetRedirectURI()
 	if authReq.GetResponseType() == oidc.ResponseTypeCode {
-		url += "?"
+		callback += "?"
 	} else {
-		url += "#"
+		callback += "#"
 	}
-	url += "error=" + string(e.ErrorType)
+	callback += "error=" + string(e.ErrorType)
 	if e.Description != "" {
-		url += "&error_description=" + e.Description
+		callback += "&error_description=" + url.QueryEscape(e.Description)
 	}
 	if authReq.GetState() != "" {
-		url += "&state=" + authReq.GetState()
+		callback += "&state=" + authReq.GetState()
 	}
-	http.Redirect(w, r, url, http.StatusFound)
+	http.Redirect(w, r, callback, http.StatusFound)
 }
 
 func (e *OAuthError) Error() string {

pkg/rp/default_rp.go

@@ -124,13 +124,17 @@ func (p *DefaultRP) CodeExchangeHandler(callback func(http.ResponseWriter, *http
 			http.Error(w, "failed to get state: "+err.Error(), http.StatusUnauthorized)
 			return
 		}
-		tokens, err := p.CodeExchange(r.Context(), r.URL.Query().Get("code"))
+		params := r.URL.Query()
+		if params.Get("code") != "" {
+			tokens, err := p.CodeExchange(r.Context(), params.Get("code"))
 			if err != nil {
 				http.Error(w, "failed to exchange token: "+err.Error(), http.StatusUnauthorized)
 				return
 			}
 			callback(w, r, tokens, state)
 		}
+		w.Write([]byte(params.Get("error")))
+	}
 }
 
 // func (p *DefaultRP) Introspect(ctx context.Context, accessToken string) (oidc.TokenIntrospectResponse, error) {