You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
fix!: normalise InvalidArgumentError to server_error on the wire
InvalidArgumentError carries the non-standard `invalid_argument` code (defined in
neither RFC 6749 §5.2 nor §4.1.2.1) but extends OAuthError, so the token and
authorize handler catch blocks let it slip through their "wrap any non-OAuthError
as ServerError" guard. As a result, a misbehaving model that returns malformed
token data (e.g. a non-Date `accessTokenExpiresAt`) or a falsy authorization code
caused the server to emit `error=invalid_argument` with HTTP 500 to the client
instead of a standard `server_error`.
Treat InvalidArgumentError like any other internal error at the serialisation
boundary: normalise it to ServerError before it reaches the client, preserving
the original as `.inner`. Construction- and request-validation guards (missing
options, model-capability checks, request/response instance checks) are thrown
before the try block and are unaffected — they still surface InvalidArgumentError
to the integrator as a descriptive developer-facing error.
BREAKING CHANGE: when a model returns malformed token data or a falsy
authorization code at request time, the OAuth error response now reports
`error: server_error` with HTTP status 503 instead of `error: invalid_argument`
with HTTP status 500. Setup-time InvalidArgumentErrors thrown to integrator code
are unchanged.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
0 commit comments