diff --git a/backend/main.py b/backend/main.py
index 1ba6ce0f3..0cd12f16c 100644
--- a/backend/main.py
+++ b/backend/main.py
@@ -1883,17 +1883,19 @@ async def oauth_callback(provider: str, request: Request, response: Response):
     try:
         token = await client.authorize_access_token(request)
     except Exception as e:
-        log.error(f"OAuth callback error: {e}")
+        log.warning(f"OAuth callback error: {e}")
         raise HTTPException(400, detail=ERROR_MESSAGES.INVALID_CRED)
     user_data: UserInfo = token["userinfo"]
 
     sub = user_data.get("sub")
     if not sub:
+        log.warning(f"OAuth callback failed, sub is missing: {user_data}")
         raise HTTPException(400, detail=ERROR_MESSAGES.INVALID_CRED)
     provider_sub = f"{provider}@{sub}"
     email = user_data.get("email", "").lower()
     # We currently mandate that email addresses are provided
     if not email:
+        log.warning(f"OAuth callback failed, email is missing: {user_data}")
         raise HTTPException(400, detail=ERROR_MESSAGES.INVALID_CRED)
 
     # Check if the user exists
@@ -1958,7 +1960,9 @@ async def oauth_callback(provider: str, request: Request, response: Response):
         },
     )
     else:
-        raise HTTPException(400, detail=ERROR_MESSAGES.INVALID_CRED)
+        raise HTTPException(
+            status.HTTP_403_FORBIDDEN, detail=ERROR_MESSAGES.ACCESS_PROHIBITED
+        )
 
     jwt_token = create_token(
         data={"id": user.id},
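Review bot: The two warnings added in the `sub` and `email` branches interpolate the whole `user_data` userinfo dict, so every claim the identity provider returned (email, name, and whatever else the granted scope carries) is written to the application log on each failed login; log only what is needed to diagnose the failure, e.g. `log.warning(f"OAuth callback failed, sub is missing (provider={provider})")` and `log.warning(f"OAuth callback failed, email is missing (provider={provider}, sub={sub})")`. A pre-existing issue on the context line in the same stretch: `user_data.get("email", "")` returns `None` when the claim is present but null, and `.lower()` then raises `AttributeError` before the `if not email` guard runs — `(user_data.get("email") or "").lower()` covers that case. `oauth_callback` begins before this hunk and continues after it.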
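Review bot: The new `raise` in the `else:` branch uses `status.HTTP_403_FORBIDDEN` while the other raises in the same function (first hunk) still pass a bare `400`; pick one form, e.g. `status.HTTP_400_BAD_REQUEST` there, and confirm `status` is imported from `fastapi` at the top of `backend/main.py`, which is outside this diff. The `if` that this `else:` pairs with is outside the hunk, so the diff does not show which condition now answers 403/ACCESS_PROHIBITED instead of 400/INVALID_CRED; a one-line comment above the `else:` naming that condition would help readers, since a 403 tells the client access is refused by policy rather than that its input was bad.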