dtinit
diff --git a/‎testbed/core/forms/__init__.py‎ b/‎testbed/core/forms/__init__.py‎
diff --git a/‎testbed/core/utils/oauth_utils.py‎
Lines changed: 12 additions & 1 deletion b/‎testbed/core/utils/oauth_utils.py‎
Lines changed: 12 additions & 1 deletion
diff --git a/‎testbed/core/utils/utils.py‎
Lines changed: 0 additions & 8 deletions b/‎testbed/core/utils/utils.py‎
Lines changed: 0 additions & 8 deletions
diff --git a/‎testbed/core/views.py‎
Lines changed: 6 additions & 2 deletions b/‎testbed/core/views.py‎
Lines changed: 6 additions & 2 deletions
@@ -1,8 +1,8 @@
 import logging
+import string
 import secrets  # Python's secure random number generator module
 import base64   # For encoding binary data as text
 from oauth2_provider.models import get_application_model
-from testbed.core.utils.utils import random_client_id, random_client_secret
 
 logger = logging.getLogger(__name__)
 Application = get_application_model()
@@ -20,6 +20,17 @@
 TOKEN_EXPIRY_SESSION_KEY = 'lola_token_expiry'
 TOKEN_SCOPE_SESSION_KEY = 'lola_token_scope'
 
+
+def random_client_id(length=10):
+    """Generate a random alphanumeric OAuth client ID of the given length."""
+    return ''.join(secrets.choice(string.ascii_letters + string.digits) for _ in range(length))
+
+
+def random_client_secret(length=40):
+    """Generate a random alphanumeric OAuth client secret of the given length."""
+    return ''.join(secrets.choice(string.ascii_letters + string.digits) for _ in range(length))
+
+
 # Get or create the single OAuth Application for a user.
 # This enforces the one-application-per-user approach where each user
 # represents an ActivityPub service in the LOLA portability flow.
 
@@ -22,7 +22,6 @@
 from django.urls import reverse
 import logging
 import requests
-from django.urls import reverse
 from django.conf import settings
 from functools import wraps
 
@@ -769,7 +768,12 @@ def test_token_exchange_view(request):
                 context['token_error'] = f"Error: {error_details.get('error', 'Unknown error')}"
                 if 'error_description' in error_details:
                     context['token_error'] += f" - {error_details['error_description']}"
-            except:
+            except (ValueError, KeyError):
+                # ValueError catches JSONDecodeError (response body is not valid JSON).
+                # KeyError is included defensively; in practice it cannot fire here
+                # because error_details['error_description'] is guarded by the 'in' check above.
+                # Note: AttributeError/TypeError (non-dict JSON) fall through to the outer
+                # except Exception handler at the call site with a less precise error message.
                 logger.warning(f"Response text: {token_response.text}")
                 context['token_error'] = f"Error: HTTP {token_response.status_code} - {token_response.text}"