Updated OAuth2 error formatting

andris9 · andris9 · commit b9d504eec4eb · 2025-04-09T21:19:00.000+03:00
diff --git a/lib/oauth/gmail.js b/lib/oauth/gmail.js
@@ -19,19 +19,20 @@ const checkForFlags = (err, isPrincipal) => {
         return false;
     }
 
-    let { error, error_description: description } = err;
+    const { error, error_description: description } = err;
 
     if (error && typeof error === 'object') {
         let activationLink;
         if (/API has not been used/.test(error.message) && Array.isArray(error.details)) {
-            for (let detail of error.details) {
+            for (const detail of error.details) {
                 if (!detail || !Array.isArray(detail.links)) {
                     continue;
                 }
                 activationLink = (detail.links.find(link => /Google developers console API activation/.test(link.description) && link.url) || {}).url;
                 if (activationLink) {
                     return {
-                        message: 'Gmail API needs to be enabled before it can be used',
+                        message: 'Please enable the Gmail API in your Google Developer Console to use this feature.',
+                        code: 'GMAIL_API_NOT_ENABLED',
                         url: activationLink
                     };
                 }
@@ -40,44 +41,54 @@ const checkForFlags = (err, isPrincipal) => {
 
         if (/insufficient authentication scopes/i.test(error.message)) {
             return {
-                message: 'EmailEngine can’t process Gmail API requests because the configured OAuth2 permission scopes are insufficient'
+                message:
+                    'The current OAuth2 permission scopes are not sufficient to process Gmail API requests. Please update the scopes in your configuration.',
+                code: 'INSUFFICIENT_AUTH_SCOPES'
             };
         }
 
         if (/Invalid topicName does not match/.test(error.message)) {
             return {
-                message: 'Cloud Pub/Sub and Gmail API OAuth2 applications must be for the same project'
+                message:
+                    'There is a mismatch between your Cloud Pub/Sub configuration and the Gmail API OAuth2 application project. Please ensure both are associated with the same project.',
+                code: 'PROJECT_MISMATCH'
             };
         }
     }
 
     if (error === 'invalid_client' && /The OAuth client was not found/i.test(description)) {
         return {
-            message: 'OAuth Client ID for Google is invalid'
+            message: 'The OAuth Client ID is invalid. Please verify that your Google integration is configured with the correct Client ID.',
+            code: 'INVALID_CLIENT_ID'
         };
     }
 
     if (error === 'invalid_client' && /Unauthorized/i.test(description)) {
         return {
-            message: 'OAuth Client Secret for Google is invalid'
+            message: 'The OAuth Client Secret is incorrect. Please verify that you have provided the correct Client Secret for your Google integration.',
+            code: 'INVALID_CLIENT_SECRET'
         };
     }
 
     if (error === 'unauthorized_client' && /Client is unauthorized to retrieve access tokens/i.test(description)) {
         return {
-            message: 'Verify OAuth2 scopes and domain-wide delegation setup for you project'
+            message:
+                'The client is not authorized to retrieve access tokens. Check your OAuth2 scopes and ensure domain-wide delegation is set up correctly for your project.',
+            code: 'UNAUTHORIZED_CLIENT'
         };
     }
 
     if (error === 'invalid_request' && /Invalid principal/i.test(description)) {
         return {
-            message: 'OAuth Client Email for Google is invalid'
+            message: 'The OAuth Client Email provided is invalid. Please review your Google integration settings and correct the email if needed.',
+            code: 'INVALID_CLIENT_EMAIL'
         };
     }
 
     if (isPrincipal && error === 'invalid_grant' && /account not found/i.test(description)) {
         return {
-            message: 'Invalid Service Client Email'
+            message: 'The Service Client Email is invalid or unrecognized. Please verify that your service account credentials are correct.',
+            code: 'INVALID_SERVICE_CLIENT_EMAIL'
         };
     }
 
@@ -495,8 +506,11 @@ class GmailOauth {
                 if (flag) {
                     await this.setFlag(flag);
                     err.tokenRequest.flag = flag;
+                    if (flag.code && !err.code) {
+                        err.code = flag.code;
+                    }
                 }
-            } catch (err) {
+            } catch (E) {
                 // ignore
             } finally {
                 if (this.logger) {
diff --git a/lib/oauth/outlook.js b/lib/oauth/outlook.js
@@ -59,24 +59,27 @@ const checkForFlags = err => {
         return false;
     }
 
-    let { error, error_description: description } = err;
+    const { error, error_description: description } = err;
 
     if (error === 'invalid_client' && /AADSTS7000222/i.test(description)) {
         return {
-            message: 'OAuth Client Secret for Outlook is either expired or not yet valid',
+            message: 'The Outlook OAuth Client Secret is either expired or not yet valid. Please update your secret accordingly.',
+            code: 'OUTLOOK_CLIENT_SECRET_EXPIRED_OR_NOT_VALID',
             description
         };
     }
 
     if (error === 'invalid_client' && /AADSTS700016/i.test(description)) {
         return {
-            message: 'OAuth Application ID for Outlook is invalid'
+            message: 'The Outlook OAuth Application ID provided is invalid. Please verify your Application ID configuration.',
+            code: 'OUTLOOK_APP_ID_INVALID'
         };
     }
 
     if (error === 'invalid_client' && /AADSTS7000215/i.test(description)) {
         return {
-            message: 'OAuth Client Secret for Outlook is invalid'
+            message: 'The Outlook OAuth Client Secret is invalid. Please verify the secret and try again.',
+            code: 'OUTLOOK_CLIENT_SECRET_INVALID'
         };
     }
 
@@ -88,18 +91,21 @@ const checkForUserFlags = err => {
         return false;
     }
 
-    let { error, error_description: description } = err;
+    const { error, error_description: description } = err;
 
     if (error === 'invalid_grant' && /user might have changed or reset their password/i.test(description)) {
         return {
-            message: 'The user changed their email account password and OAuth2 grant was revoked. Ask the user to re-authenticate.',
+            message:
+                "The user's password may have been changed or reset, causing the OAuth2 grant to be revoked. Please ask the user to re-authenticate their account.",
+            code: 'OUTLOOK_USER_PASSWORD_CHANGED',
             description
         };
     }
 
     if (error === 'invalid_grant') {
         return {
-            message: 'Failed to renew the access token for the user',
+            message: 'Failed to renew the Outlook access token for the user. Please have the user sign in again to reauthorize access.',
+            code: 'OUTLOOK_TOKEN_RENEWAL_FAILED',
             description
         };
     }
@@ -469,8 +475,11 @@ class OutlookOauth {
                 let flag = checkForFlags(err.oauthRequest.response);
                 if (flag) {
                     await this.setFlag(flag);
+                    if (flag.code && !err.code) {
+                        err.code = flag.code;
+                    }
                 }
-            } catch (err) {
+            } catch (E) {
                 // ignore
             } finally {
                 if (this.logger) {
