From 99e7b328a47e15019703569f82b857d09b651851 Mon Sep 17 00:00:00 2001
From: Jun Siang Cheah <git@jscheah.me>
Date: Mon, 24 Jun 2024 10:43:53 +0800
Subject: [PATCH] refac: add better logging for oauth errors

---
 backend/main.py | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/backend/main.py b/backend/main.py
index 1ba6ce0f3..0cd12f16c 100644
--- a/backend/main.py
+++ b/backend/main.py
@@ -1883,17 +1883,19 @@ async def oauth_callback(provider: str, request: Request, response: Response):
     try:
         token = await client.authorize_access_token(request)
     except Exception as e:
-        log.error(f"OAuth callback error: {e}")
+        log.warning(f"OAuth callback error: {e}")
         raise HTTPException(400, detail=ERROR_MESSAGES.INVALID_CRED)
     user_data: UserInfo = token["userinfo"]
 
     sub = user_data.get("sub")
     if not sub:
+        log.warning(f"OAuth callback failed, sub is missing: {user_data}")
         raise HTTPException(400, detail=ERROR_MESSAGES.INVALID_CRED)
     provider_sub = f"{provider}@{sub}"
     email = user_data.get("email", "").lower()
     # We currently mandate that email addresses are provided
     if not email:
+        log.warning(f"OAuth callback failed, email is missing: {user_data}")
         raise HTTPException(400, detail=ERROR_MESSAGES.INVALID_CRED)
 
     # Check if the user exists
@@ -1958,7 +1960,9 @@ async def oauth_callback(provider: str, request: Request, response: Response):
                     },
                 )
         else:
-            raise HTTPException(400, detail=ERROR_MESSAGES.INVALID_CRED)
+            raise HTTPException(
+                status.HTTP_403_FORBIDDEN, detail=ERROR_MESSAGES.ACCESS_PROHIBITED
+            )
 
     jwt_token = create_token(
         data={"id": user.id},